Abstract

Bidirectional typechecking, in which terms either synthesize a type or are checked against a known type, has become popular for its scalability, its error reporting, and its ease of implementation. Following principles from proof theory, bidirectional typing can be applied to many type constructs. The principles underlying a bidirectional approach to indexed types (generalized algebraic datatypes) are less clear. Building on proof-theoretic treatments of equality, we give a declarative specification of typing based on focalization. This approach permits declarative rules for coverage of pattern matching, as well as support for first-class existential types using a focalized subtyping judgment. We use refinement types to avoid explicitly passing equality proofs in our term syntax, making our calculus close to languages such as Haskell and OCaml. An explicit rule deduces when a type is principal, leading to reliable substitution principles for a rich type system with significant type inference. We also give a set of algorithmic typing rules, and prove that it is sound and complete with respect to the declarative system. The proof requires a number of technical innovations, including proving soundness and completeness in a mutually-recursive fashion.

1. Introduction 

Consider a list type Vec with a numeric index representing its length, written in Haskell-like notation as follows:

    data Vec : Nat -> * -> * where
      []   : A -> Vec 0 A
      (::) : A -> Vec n A -> Vec (succ n) A

We can use this definition to write a head function that always gives us an element of type A when the length is at least one:

    head : ∀n, A. (Vec succ(n) A) -> A
    head (x :: xs) = x

This clausal definition omits the clause for [], which has an index of 0. The type annotation tells us that head’s argument has an index of succ(n) for some n. Since there is no natural number n such that 0 = succ(n), the nil case cannot occur and can be omitted.

This is an entirely reasonable explanation for programmers, but 
language designers and implementors will have more questions. 
First, how can we implement such a type system? Clearly we 
needed some equality reasoning to justify leaving off the nil case, 
which is not trivial in general. Second, designers of functional 
languages are accustomed to the benefits of the Curry-Howard 
correspondence, and expect a logical reading of type systems to 
accompany the operational reading. So what is the logical reading 
of GADTs? 


Since we relied on equality information to omit the nil case, it seems reasonable to look to logical accounts of equality. In proof theory, it is possible to formulate equality in (at least) two different ways. The better-known is the identity type of Martin-Löf, but GADTs actually correspond best to the equality of Schroeder-Heister (1994) and Girard (1992b). The Girard-Schroeder-Heister (GSH) approach introduces equality via the reflexivity principle:

$$\frac{}{\Gamma \vdash t = t}$$

The GSH elimination rule was originally formulated in a sequent calculus style, as follows:

$$\frac{\text{for all } \theta.\ \text{if } \theta \in \mathit{csu}(s, t) \text{ then } \theta(\Gamma) \vdash \theta(C)}{\Gamma, (s = t) \vdash C}$$

Here, we write csu(s, t) for a complete set of unifiers of s and t. So the rule says that we can eliminate an equality s = t if, for every substitution θ that makes the terms s and t equal, we can give a proof of the goal C.

This rule has three important features, two good and one bad. First, the rule is an invertible left rule (the conclusion of the rule implies the premise, and it decomposes the assumptions to the left of the turnstile), which is known to correspond to a pattern matching rule (Krishnaswami 2009). This aligns with the use of GADTs in programming languages like Haskell and OCaml, which indeed use pattern matching to propagate equality information.

Second, when there are no unifiers, there are no premises: if we assume an inconsistent equation, we can immediately conclude the goal. Specializing the rule above to the equality 0 = 1, we get:

$$\frac{}{\Gamma, (0 = 1) \vdash C}$$

Together, these two features line up nicely with our definition of 
head, where the impossibility of the case for [] was indicated by 
the absence of a pattern clause. So the use of equality in GADTs 
corresponds perfectly with the Girard-Schroeder-Heister equality. 

Alas, we cannot simply give a proof term assignment for first- 
order logic and call it a day. The third important feature of the 
GSH equality rule is its use of unification: it works by treating the 
free variables of the two terms as unification variables. But type 
inference algorithms also use unification, introducing unification 
variables to stand for unknown types. So we need to understand 
how to integrate these two uses of unification, or at least how to 
keep them decently apart, in order to take this logical specification 
and implement type inference for it. 

This problem — formulating indexed types in a logical style, 
while retaining the ability to do type inference for them — is the 
subject of this paper. 

Contributions. The equivalence of GADTs to the combination of existential types and equality constraints has long been known (Xi et al. 2003). Our fundamental contribution is to reduce GADTs to standard logical ingredients, while retaining the implementability of the type system. We accomplish this by formulating a system of indexed types in a bidirectional style (combining type synthesis with checking against a known type), which combines practical implementability with theoretical tidiness.

• Our language supports implicit higher-rank polymorphism (in which quantifiers can be nested under arrows) including existential types. While algorithms for higher-rank universal polymorphism are well-known (Peyton Jones et al. 2007; Dunfield and Krishnaswami 2013), our approach to supporting existential types is novel.

Our system goes beyond the standard practice of tying existentials to datatype declarations (Läufer and Odersky 1994), in favour of a first-class treatment of implicit existential types. This approach has historically been thought difficult, because the unrestricted combination of universal and existential quantification seems to require mixed-prefix unification (i.e., solving equations under alternating quantifiers). We use the proof-theoretic technique of focusing to give a novel polarized subtyping judgment, which lets us treat alternating quantifiers in a way that retains decidability while maintaining essential subtyping properties, such as stability under substitution and transitivity.

• Our language includes equality types in the style of Girard and Schroeder-Heister, but without an explicit introduction form for equality. Instead, we treat equalities as property types, in the style of intersection or refinement types: we do not write explicit equality proofs in our syntax, permitting us to more closely model how equalities are used in OCaml and Haskell.

• Our calculus includes nested pattern matching, which fits neatly 
in the bidirectional framework, and allows a formal specifica- 
tion of coverage checking with GADTs. 

• Our declarative system tracks whether or not a derivation has a 
principal type. The system includes an unusual “higher-order 
principality” rule, which says that if only a single type can 
be synthesized for a term, then that type is principal. While 
this style of hypothetical reasoning is natural to explain to 
programmers, it is also extremely non-algorithmic. 

• We formulate an algorithmic type system (Section 5) for our declarative calculus, and prove that typechecking is decidable, deterministic (Section 5.3), and sound and complete (Sections 6 and 7) with respect to the declarative system.

Our algorithmic system (and, to a lesser extent, our declarative system) uses some techniques developed by Dunfield and Krishnaswami (2013), but we extend these to a far richer type language (existentials, indexed types, sums, products, equations over type variables), and we differ by supporting pattern matching, polarized subtyping, and principality tracking.

Appendix and proofs. The appendix has figures defining all the 
judgments, including some omitted here for space reasons. Full 
proofs are available from: 

github.com/joshuadunfield/lics39/raw/master/lics39_proofs.pdf 


2. Overview 

To orient the reader, we give an overview and rationale of the novelties in our type system, before getting into the details of the typing rules and algorithm. As is well known (Cheney and Hinze 2003; Xi et al. 2003), GADTs can be desugared into type expressions that use equality and existential types to express the return type constraints. These two features lead to all the key difficulties in typechecking for GADTs.

Universals, existentials, and type inference. Practical typed functional languages must support some degree of type inference, most critically the inference of type arguments. That is, if we have a function f of type ∀a. a → a, and we want to apply it to the argument 3, then we want to write f 3, and not f [Nat] 3 (as we would in pure System F). Even with a single type argument, the latter style is noisy, and programs using even moderate amounts of polymorphism rapidly become unreadable.

However, omitting type arguments has significant metatheoretical implications. In particular, it forces us to include subtyping in our typing rules, so that (for instance) the polymorphic type ∀a. a → a is a subtype of its instantiations (like Nat → Nat).

For the subtype relation induced by polymorphism, subtype entailment is decidable (under modest restrictions). Matters get more complicated when existential types are added. Existentials are necessary to encode equality constraints in GADTs, but the naive combination of existential and universal types requires unification under a mixed prefix of alternating quantifiers (Miller 1992), which is undecidable. Thus, programming languages traditionally have stringently restricted the use of existential types. They tie existential introduction and elimination to datatype declarations, so that there is always a syntactic marker for when to introduce or eliminate existential types. This permits leaving existentials out of subtyping altogether, at the price of no longer permitting implicit subtyping (such as using λx. x + 1 at type ∃a. a → a).

While this is a practical solution, it increases the distance between surface languages and their type-theoretic cores. Our goal is to give a direct type-theoretic account of the features of our surface languages, avoiding complex elaboration passes. The key problem in mixed-prefix unification is that the order in which to instantiate quantifiers is unclear. When deciding Ψ ⊢ ∀a. A(a) ≤ ∃b. B(b), we have the choice to choose an instantiation for a or for b, so that we prove the subtype entailment Ψ ⊢ A(t) ≤ ∃b. B(b) or the subtype entailment Ψ ⊢ ∀a. A(a) ≤ B(t). An algorithm will introduce a unification variable for a and then for b, or the other way around — and this choice matters! With the first order, b may depend on a, but not vice versa; with the second order, the allowed dependencies are reversed. Accurate dependency tracking amounts to Skolemization, which means we have a “reduction” to the undecidable problem of higher-order unification.

We adopt an idea from polarized type theory. In the language of polarization, universals are a negative type, and existentials are a positive type. So we introduce two mutually-recursive subtype relations: Ψ ⊢ A ≤⁺ B for positive types and Ψ ⊢ A ≤⁻ B for negative types. The positive subtype relation only deconstructs existentials, and the negative subtype relation only deconstructs universals. This fixes the order in which quantifiers are instantiated, making the problem decidable (in fact, rather straightforward).

The price we pay is that fewer subtype entailments are derivable. Fortunately, all such entailments can be recovered by η-expansions. Moreover, the lost subtype entailments seem to all rely on “clever” quantifier reversals (which are rare in programming). So we keep fundamental expressivity, yet gain decidability.

Equality as a property. The usual convention in Haskell and OCaml is to make equality proofs in GADT definitions implicit. We would like to model this feature directly, so that our calculus stays close to surface languages, without sacrificing the logical reading of the system. In this case, the appropriate logical concepts come from the theory of intersection types. A typing judgment such as e : A × B can be viewed as giving instructions on how to construct a value (pair an A with a B). But types can also be viewed as properties, where e : X is read “e has property X”. To model GADTs accurately, we treat equations t = t' using a property type constructor A ∧ P, read “A with P”, to model elements of type A satisfying the property (equation) P. We also introduce P ⊃ A, read “P implies A”, for its adjoint dual. Then, standard rules for property types, which omit explicit proof terms, can explain why OCaml and Haskell do not require explicit equality proofs.

Handling equality constraints through intersection types also means that certain restrictions on typing that are useful for decidability, such as restricting property introduction to values, arise naturally from the semantic point of view — via the value restriction needed for soundly modeling intersection and union types (Davies and Pfenning 2000; Dunfield and Pfenning 2003).

Bidirectionality, pattern matching, and principality. Something that is not, by itself, novel in our approach is our decision to formulate both the declarative and algorithmic systems in a bidirectional style. Bidirectional checking (Pierce and Turner 2000) is a popular implementation choice for systems ranging from dependent types (Coquand 1996; Abel et al. 2008) and contextual types (Pientka 2008) to object-oriented languages (Odersky et al. 2001), but also has good proof-theoretic foundations (Watkins et al. 2004), making it useful both for specifying and implementing type systems. Bidirectional approaches make it clear to programmers where annotations are needed (which is good for specification), and can also remove unneeded nondeterminism from typing (which is good for both implementation and proving its correctness).

However, it is worth highlighting that because both bidirection- 
ality and pattern matching arise from focalization, these two fea- 
tures fit together extremely well. In fact, by following the blueprint 
of focalization-based pattern matching, we can give a coverage- 
checking algorithm that explains when it is permissible to omit 
clauses in GADT pattern matching. 

In the propositional case, the type synthesis judgment of a bidirectional type system generates principal types: if a type can be inferred for a term, that type is unique. This property is lost once quantifiers are introduced into the system, which is why it is not much remarked upon. However, prior work on GADTs, starting with Simonet and Pottier (2007), has emphasized the importance of the fact that handling equality constraints is much easier when the type of a scrutinee is principal. Essentially, this ensures that no existential variables can appear in equations, which prevents equation solving from interfering with unification-based type inference. The OutsideIn algorithm takes this consequence as a definition, permitting non-principal types just so long as they do not change the values of equations. However, Vytiniotis et al. (2011) note that while their system is sound, they no longer have a completeness result for their type system.

We use this insight to extend our bidirectional typechecking al- 
gorithm to track principality: The judgments we give track whether 
types are principal, and we use this to give a relatively simple speci- 
fication for whether or not type annotations are needed. We are able 
to give a very natural spec to programmers — cases on GADTs must 
scrutinize terms with principal types, and an inferred type is princi- 
pal just when it is the only type that can be inferred for that term — 
which soundly and completely corresponds to the implementation- 
side constraints: a type is principal when it contains no existential 
unification variables. 


3. Examples 

In this section, we give some examples of terms from our language, 
which illustrate the key features of our system and give a sense of 
how many type annotations are needed in practice. To help make 
this point clearly, all of the examples which follow are unsugared: 
they are the actual terms from our core calculus. 


Expressions       e  ::= x | () | λx. e | e s⁺ | rec x. v | (e : A)
                       | (e₁, e₂) | inj₁ e | inj₂ e | case(e, Π)
                       | [] | e₁ :: e₂
Values            v  ::= x | () | λx. e | rec x. v | (v : A)
                       | (v₁, v₂) | inj₁ v | inj₂ v | [] | v₁ :: v₂
Spines            s  ::= · | e s
Nonempty spines   s⁺ ::= e s
Patterns          p  ::= x | (p₁, p₂) | inj₁ p | inj₂ p | [] | p₁ :: p₂
Branches          π  ::= p⃗ ⇒ e
Branch lists      Π  ::= · | (π ‖ Π)

Figure 1. Source syntax

Mapping over lists. First, we begin with the traditional map function, which takes a function and applies it to every element of a list.

    rec map. λf. λxs. case(xs, [] ⇒ []
                             ‖ y :: ys ⇒ (f y) :: map f ys)
      : ∀n : N. ∀α : *. ∀β : *. (α → β) → Vec n α → Vec n β

This code is simply a recursive function that case-analyzes its second argument xs. Given an empty xs, it returns the empty list; given a cons cell y :: ys, it applies the argument function f to the head y and makes a recursive call on the tail ys.

In addition, we annotate the definition with a type. We have two 
type parameters a and (3 for the input and output element types. 
Since we are working with length-indexed lists, we also have a 
length index parameter n, which lets us show by typing that the 
input and output to map have the same length. 

In our system, this type annotation is mandatory. Full type inference for definitions using GADTs requires polymorphic recursion, which is undecidable. As a result, this example also requires annotation in OCaml and GHC Haskell. However, Haskell and OCaml infer polymorphic types when no polymorphic recursion is needed. We adopt the simpler rule that all polymorphic definitions are annotated. This choice is motivated by Vytiniotis et al. (2010), who analyzed a large corpus of Haskell code and showed that implicit let-generalization was rarely used: programmers tend to annotate polymorphic definitions for documentation purposes.

Nested patterns and GADTs. Now, we consider the zip function, which converts a pair of lists into a list of pairs. In ordinary ML or Haskell, we must consider what to do when the two lists are not the same length. However, with length-indexed lists, we can statically reject passing two lists of differing length:

    rec zip. λp. case(p, ([], []) ⇒ []
                        ‖ (x :: xs, y :: ys) ⇒ (x, y) :: zip (xs, ys))
      : ∀n : N. ∀α : *. ∀β : *. (Vec n α × Vec n β) → Vec n (α × β)

In this case expression, we give only two patterns, one for when 
both lists are empty and one for when both lists have elements, with 
the type annotation indicating that both lists must be of length n. 
Typing shows that the cases where one list is empty and the other 
non-empty are impossible, so our coverage checking rules accept 
this as a complete set of patterns. This example also illustrates that 
we support nested pattern matching. 

4. Declarative Typing 

Expressions. Expressions (Figure 1) are variables x; the unit value (); functions λx. e; applications to a spine e s⁺; fixed points rec x. v; annotations (e : A); pairs (e₁, e₂); injections into a sum type inj_k e; case expressions case(e, Π) where Π is a list of branches π, which can eliminate pairs and injections (see below); the empty vector []; and consing a head e₁ to a tail vector e₂.
Universal variables   α, β, γ
Sorts                 κ ::= * | N
Types                 A, B, C ::= 1 | A → B | A + B | A × B
                               | α | ∀α : κ. A | ∃α : κ. A
                               | P ⊃ A | A ∧ P | Vec t A
Terms/monotypes       t, τ, σ ::= zero | succ(t) | 1 | α
                               | τ → σ | τ + σ | τ × σ
Propositions          P, Q ::= t = t'
Contexts              Ψ ::= · | Ψ, α : κ | Ψ, x : A p
Polarities            ± ::= + | −
Binary connectives    ⊕ ::= → | + | ×
Principalities        p, q ::= ! | /      (sometimes omitted)

Figure 2. Syntax of declarative types and contexts


[Figure 3 is a dependency graph (caption below) whose nodes are the declarative judgments: type checking Ψ ⊢ e ⇐ A p; type synthesis Ψ ⊢ e ⇒ B p; spine typing Ψ ⊢ s : A p ≫ B q; principality-recovering spine typing Ψ ⊢ s : A p ≫ B [q]; subtyping Ψ ⊢ A ≤± B; checking with equality elimination Ψ / P ⊢ e ⇐ C p; pattern matching Ψ ⊢ Π :: A⃗ ⇐ C p; match with equality elimination Ψ / P ⊢ Π :: A⃗ ⇐ C p; coverage Ψ ⊢ Π covers A⃗.]

favour of the spine, so e₁ e₂ e₃ is parsed as the application of e₁ to the spine e₂ e₃, which is technically e₂ (e₃ ·). Patterns p consist of pattern variables, pairs, and injections. A branch π is a sequence of patterns p⃗ with a branch body e. We represent patterns as sequences, which enables us to deconstruct tuple patterns.

Types. We write types as A, B and C. We have the unit type 1, functions A → B, sums A + B, and products A × B. We have universal and existential types ∀α : κ. A and ∃α : κ. A; these are predicative quantifiers over monotypes (see below). We write α, β, etc. for type variables; these are universal, except when bound within an existential type. We also have a guarded type P ⊃ A, read “P implies A”. This implication corresponds to type A, provided P holds. Its dual is the asserting type A ∧ P, read “A with P”, which witnesses the proposition P. In both, P has no runtime content.

Sorts, terms, monotypes, and propositions. Terms and monotypes t, τ, σ share a grammar but are distinguished by their sorts κ. Natural numbers zero and succ(t) are terms and have sort N. Unit 1 has the sort * of monotypes. A variable α stands for a term or a monotype, depending on the sort κ annotating its binder. Functions, sums, and products of monotypes are monotypes and have sort *. We tend to prefer t for terms and σ, τ for monotypes.

A proposition P or Q is simply an equation t = t'. Note that terms, which represent runtime-irrelevant information, are distinct from expressions; however, an expression may include type annotations of the form P ⊃ A and A ∧ P, where P contains terms.

Contexts. A declarative context Ψ is an ordered sequence of universal variable declarations α : κ and expression variable typings x : A p, where p denotes whether the type A is principal (Section 4.2). A variable α can be free in a type A only if α was declared to the left: α : *, x : α p is well-formed, but x : α p, α : * is not.


Figure 3. Dependency structure of the declarative judgments 


Ψ ⊢ A ≤± B    Under context Ψ, type A is a subtype of B, decomposing head connectives of polarity ±

$$\frac{\Psi \vdash A\ \mathit{type} \quad \mathit{nonpos}(A) \quad \mathit{nonneg}(A)}{\Psi \vdash A \le^{\pm} A}\ {\le}\mathrm{Refl}{\pm}
\qquad
\frac{\Psi \vdash A \le^{-} B \quad \mathit{nonpos}(A) \quad \mathit{nonpos}(B)}{\Psi \vdash A \le^{+} B}\ {\le}^{+-}
\qquad
\frac{\Psi \vdash A \le^{+} B \quad \mathit{nonneg}(A) \quad \mathit{nonneg}(B)}{\Psi \vdash A \le^{-} B}\ {\le}^{-+}$$

$$\frac{\Psi \vdash \tau : \kappa \quad \Psi \vdash [\tau/\alpha]A \le^{-} B}{\Psi \vdash \forall\alpha{:}\kappa.\, A \le^{-} B}\ {\le}\forall\mathrm{L}
\qquad
\frac{\Psi, \beta : \kappa \vdash A \le^{-} B}{\Psi \vdash A \le^{-} \forall\beta{:}\kappa.\, B}\ {\le}\forall\mathrm{R}$$

$$\frac{\Psi, \alpha : \kappa \vdash A \le^{+} B}{\Psi \vdash \exists\alpha{:}\kappa.\, A \le^{+} B}\ {\le}\exists\mathrm{L}
\qquad
\frac{\Psi \vdash \tau : \kappa \quad \Psi \vdash A \le^{+} [\tau/\beta]B}{\Psi \vdash A \le^{+} \exists\beta{:}\kappa.\, B}\ {\le}\exists\mathrm{R}$$


4.1 Subtyping 

We give our two subtyping relations in Figure 4. We treat the universal quantifier as a negative type (since it is a function in System F), and the existential as a positive type (since it is a pair in System F). We have two typing rules for each of these connectives, corresponding to the left and right rules for universals and existentials in the sequent calculus. We treat all other types as



In logical terms, functions and guarded types are negative; sums, products and assertion types are positive. We could potentially operate on these types in the negative and positive subtype relations, respectively. Leaving out (for example) function subtyping means that we will have to do some η-expansions to get programs to typecheck; we omit these rules to keep the implementation complexity low. This also illustrates a nice feature of bidirectional typing: we are relatively free to adjust the subtype relation to taste.


Figure 4. Subtyping in the declarative system 


Values v are standard for a call-by-value semantics; the variables introduced by fixed points are considered values, because we only allow fixed points of values. A spine s is a list of expressions — arguments to a function. Allowing empty spines (written ·) is convenient in the typing rules, but would be strange in the source syntax, so (in the grammar of expressions e) we require a nonempty spine s⁺. We usually omit the empty spine ·, writing e₁ e₂ instead of e₁ e₂ ·. Since we use juxtaposition for both application e s⁺ and spines, some strings are ambiguous; we resolve this ambiguity in

4.2 Typing judgments 

Principality. Our typing judgments carry principalities: A ! means that A is principal, and A / means A is not principal. Note that a principality is part of a judgment, not part of a type. In the checking judgment Ψ ⊢ e ⇐ A p the type A is input; if p = !, we know that e is not the result of guessing. For example, the e in (e : A) is checked against A !. In the synthesis judgment Ψ ⊢ e ⇒ A p, the type A is output, and p = ! means it is impossible to synthesize any other type, as in Ψ ⊢ (e : A) ⇒ A !.

We sometimes omit a principality when it is / (“not principal”). We write p ⊑ q, read “p at least as principal as q”, for the reflexive closure of ! ⊑ /.
e chk-I    Expression e is a checked introduction form

λx. e chk-I    () chk-I    (e₁, e₂) chk-I    inj_k e chk-I    [] chk-I    e₁ :: e₂ chk-I

Figure 5. “Checking intro form”


Ψ ⊢ e ⇐ A p           Under context Ψ, expression e checks against input type A
Ψ ⊢ e ⇒ A p           Under context Ψ, expression e synthesizes output type A
Ψ ⊢ s : A p ≫ C q     Under context Ψ, passing spine s to a function of type A synthesizes type C;
Ψ ⊢ s : A p ≫ C [q]   in the [q] form, recover principality in q if possible
Ψ ⊢ P true            Under context Ψ, check P
Ψ / P ⊢ e ⇐ C p       Under context Ψ, incorporate proposition P and check e against C

$$\frac{}{\Psi \vdash (t = t)\ \mathit{true}}\ \text{DeclCheckpropEq}
\qquad
\frac{(x : A\, p) \in \Psi}{\Psi \vdash x \Rightarrow A\, p}\ \text{DeclVar}
\qquad
\frac{\Psi \vdash e \Rightarrow A\, q \quad \Psi \vdash A \le^{\mathit{pol}(B)} B}{\Psi \vdash e \Leftarrow B\, p}\ \text{DeclSub}$$

$$\frac{\Psi \vdash A\ \mathit{type} \quad \Psi \vdash e \Leftarrow A\, !}{\Psi \vdash (e : A) \Rightarrow A\, !}\ \text{DeclAnn}
\qquad
\frac{}{\Psi \vdash () \Leftarrow 1\, p}\ \text{Decl1I}
\qquad
\frac{v\ \mathit{chk\text{-}I} \quad \Psi, \alpha : \kappa \vdash v \Leftarrow A\, p}{\Psi \vdash v \Leftarrow (\forall\alpha : \kappa.\, A)\, p}\ \text{Decl}\forall\text{I}$$

$$\frac{\Psi \vdash P\ \mathit{true} \quad \Psi \vdash e \Leftarrow A\, p}{\Psi \vdash e \Leftarrow (A \wedge P)\, p}\ \text{Decl}\wedge\text{I}
\qquad
\frac{v\ \mathit{chk\text{-}I} \quad \Psi / P \vdash v \Leftarrow A\, !}{\Psi \vdash v \Leftarrow (P \supset A)\, !}\ \text{Decl}\supset\text{I}
\qquad
\frac{\Psi, x : A\, p \vdash v \Leftarrow A\, p}{\Psi \vdash \mathsf{rec}\ x.\, v \Leftarrow A\, p}\ \text{DeclRec}$$

$$\frac{\Psi, x : A\, p \vdash e \Leftarrow B\, p}{\Psi \vdash \lambda x.\, e \Leftarrow (A \to B)\, p}\ \text{Decl}{\to}\text{I}
\qquad
\frac{\Psi \vdash e \Rightarrow A\, p \quad \Psi \vdash s : A\, p \gg C\, [q]}{\Psi \vdash e\, s \Rightarrow C\, q}\ \text{Decl}{\to}\text{E}$$

$$\frac{\Psi \vdash \tau : \kappa \quad \Psi \vdash e\, s : [\tau/\alpha]A\ \not{!} \gg C\, q}{\Psi \vdash e\, s : (\forall\alpha : \kappa.\, A)\, p \gg C\, q}\ \text{Decl}\forall\text{Spine}
\qquad
\frac{\Psi \vdash P\ \mathit{true} \quad \Psi \vdash e\, s : A\, p \gg C\, q}{\Psi \vdash e\, s : (P \supset A)\, p \gg C\, q}\ \text{Decl}\supset\text{Spine}$$

$$\frac{}{\Psi \vdash \cdot : A\, p \gg A\, p}\ \text{DeclEmptySpine}
\qquad
\frac{\Psi \vdash e \Leftarrow A\, p \quad \Psi \vdash s : B\, p \gg C\, q}{\Psi \vdash e\, s : (A \to B)\, p \gg C\, q}\ \text{Decl}{\to}\text{Spine}$$

$$\frac{\Psi \vdash s : A\, ! \gg C\ \not{!} \quad \text{for all } C'.\ \text{if } \Psi \vdash s : A\, ! \gg C'\ \not{!} \text{ then } C' = C}{\Psi \vdash s : A\, ! \gg C\, [!]}\ \text{DeclSpineRecover}
\qquad
\frac{\Psi \vdash s : A\, p \gg C\, q}{\Psi \vdash s : A\, p \gg C\, [q]}\ \text{DeclSpinePass}$$

$$\frac{\Psi \vdash e \Rightarrow A\, ! \quad \Psi \vdash \Pi :: A \Leftarrow C\, p \quad \Psi \vdash \Pi\ \mathit{covers}\ A}{\Psi \vdash \mathsf{case}(e, \Pi) \Leftarrow C\, p}\ \text{DeclCase}$$

$$\frac{\mathit{mgu}(\sigma, \tau) = \bot}{\Psi / (\sigma = \tau) \vdash e \Leftarrow C\, p}\ \text{DeclCheck}{\bot}
\qquad
\frac{\mathit{mgu}(\sigma, \tau) = \theta \quad \theta(\Psi) \vdash \theta(e) \Leftarrow \theta(C)\, p}{\Psi / (\sigma = \tau) \vdash e \Leftarrow C\, p}\ \text{DeclCheckUnify}$$

Figure 6. Declarative typing, omitting rules for ×, +, and Vec


Spine judgments. The ordinary form of spine judgment, Ψ ⊢ s : A p ≫ C q, says that if arguments s are passed to a function of type A, the function returns type C. For a function e applied to one argument e₁, we write e e₁ as syntactic sugar for e (e₁ ·). Supposing e synthesizes A₁ → A₂, we apply Decl→Spine, checking e₁ against A₁ and using DeclEmptySpine to derive Ψ ⊢ · : A₂ p ≫ A₂ p.

Rule Decl∀Spine does not decompose e s but instantiates a ∀. Note that, even if the given type ∀α : κ. A is principal (p = !), the type [τ/α]A in the premise is not principal — we could choose a different τ. In fact, the q in Decl∀Spine is also always /, because no rule deriving the ordinary spine judgment can recover principality.

The recovery spine judgment Ψ ⊢ s : A p ≫ C [q], however, can restore principality in situations where the choice of τ in Decl∀Spine cannot affect the result type C. If A is principal (p = !) but the ordinary spine judgment produces a non-principal C, we can try to recover principality with DeclSpineRecover. Its first premise is Ψ ⊢ s : A ! ≫ C /; its second premise (really, an infinite set of premises) quantifies over all derivations of Ψ ⊢ s : A ! ≫ C' /. If C' = C in all such derivations, then the ordinary spine rules erred on the side of caution: C is actually principal, so we can set q = ! in the conclusion of DeclSpineRecover.


If some C' ≠ C, then C is certainly not principal, and we must apply DeclSpinePass, which simply transitions from the ordinary judgment to the recovery judgment.

Figure 3 shows the dependencies between the declarative judgments. Given the cycle containing the spine typing judgments, we need to stop and ask: Is DeclSpineRecover well-founded? For well-foundedness of type systems, we can often make a straightforward argument that, as we move from the conclusion of a rule to its premises, either the expression gets smaller, or the expression stays the same but the type gets smaller. In DeclSpineRecover neither the expression nor the type gets smaller. Fortunately, the rule that gives rise to the arrow from “spine typing” to “type checking” in Figure 3 — Decl→Spine — does decompose its subject, and any derivations of a recovery judgment lurking within the second premise of DeclSpineRecover must be for a smaller spine. In the appendix (Lemma ??, p. ??), we prove that the recovery judgment, and all the other declarative judgments, are well-founded.


Example. Appendix A has an example showing how the spine typing rules work to recover principality.

Subtyping. Rule DeclSub invokes the subtyping judgment, at the polarity of B, the type being checked against. This allows DeclSub to play the role of an existential introduction rule, by applying subtyping rule ≤∃R when B is an existential type.
Pattern matching. Rule DeclCase checks that the scrutinee has a principal type, and then invokes the two main judgments for pattern matching. The Ψ ⊢ Π :: A⃗ ⇐ C p judgment checks that each branch in the list of branches Π is well-typed, and the Ψ ⊢ Π covers A⃗ judgment does coverage checking for the list of branches. Both of these judgments take a vector A⃗ of pattern types to simplify the specification of coverage checking.

The Ψ ⊢ Π :: A⃗ ⇐ C p judgment (rules in the appendix's Figure 15) systematically checks the coverage of each branch in Π: rule DeclMatchEmpty succeeds on the empty list, and DeclMatchSeq checks one branch and recurs on the remaining branches. Rules for sums, units, and products break down patterns left to right, one constructor at a time. Products also extend the sequences of patterns and types, with DeclMatch× breaking down a pattern vector headed by a pair pattern (p, p'), p⃗ into p, p', p⃗, and breaking down the type sequence (A × B), C⃗ into A, B, C⃗. Once all the patterns are eliminated, the DeclMatchBase rule says that if the body typechecks, then the branch typechecks. For completeness, the variable and wildcard rules are restricted so that any top-level existentials and equations are eliminated before discarding the type.

The existential elimination rule DeclMatch∃ unpacks an existential type, and DeclMatch∧ breaks apart a conjunction by eliminating the equality using unification. The DeclMatch⊥ rule says that if the equation is false then the branch always succeeds, because this case is impossible. The DeclMatchUnify rule unifies the two terms of an equation and applies the substitution before continuing to check typing. Together, these two rules implement the Schroeder-Heister equality elimination rule. Because our language of terms has only simple first-order terms, either unification will fail, or there is a most general unifier.

The Ψ ⊢ Π covers A⃗ judgment (in the appendix's Figure 16b) checks whether a set of patterns covers all possible cases. As with match typing, we systematically deconstruct the sequence of types in the branch, but we also need auxiliary operations to expand the patterns. For example, the Π ⇝× Π' operation takes every branch (p, p'), p⃗ ⇒ e and expands it to p, p', p⃗ ⇒ e. To keep the sequence of patterns aligned with the sequence of types, we also expand variables and wildcard patterns into two wildcards: x, p⃗ ⇒ e becomes _, _, p⃗ ⇒ e. After expanding out all the pairs, DeclCovers× checks coverage by breaking down the pair type.

For sum types, we expand a list of branches into two lists, one for each injection. So Π ⇝+ Π_L ∥ Π_R will send all branches headed by inj₁ p into Π_L and all branches headed by inj₂ p into Π_R, with variables and wildcards being sent to both sides. Then DeclCovers+ checks the left and right branches independently.

As with typing, DeclCovers∃ just unpacks the existential type. Likewise, DeclCoversEqBot and DeclCoversEq handle the two cases arising from equations. If an equation is unsatisfiable, coverage succeeds since there are no possible values of that type. If it is satisfiable, we apply the substitution and continue coverage checking.

These rules do not check for redundancy: DeclCoversEmpty applies even when branches are left over. When DeclCoversEmpty is applied, we could mark the · ⇒ e₁ branch, and issue a warning for unmarked branches. This seems better as a warning than an error, since redundancy is not stable under substitution. For example, a case over (Vec n A) with [] and :: branches is not redundant; but if we substitute 0 for n, the :: branch becomes redundant.
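The coverage rules above, together with the equality elimination of the preceding paragraphs, can be seen at work on the head example from the introduction. The following is an added illustration and not the paper's own code: it implements a miniature of DeclCovers over unit, sum, product and Vec types, with the tuple encodings of types, patterns and index terms, the `select` expansion helper and the fresh-variable scheme being assumptions of this example.

```python
"""Coverage checking with equality elimination by first-order unification.

Added illustration (not the paper's code): a miniature of the DeclCovers
rules over unit, sum, product and Vec types. Index terms are ('zero',),
('succ', t) and universal variables ('var', n); each Vec constructor imposes
an index equation. If that equation is unsatisfiable (e.g. succ(n) = zero)
the case is impossible and counts as covered (DeclCoversEqBot); otherwise
the most general unifier is applied to the remaining types and checking
continues (DeclCoversEq).
"""
from itertools import count

# Types: '1', ('+', A, B), ('x', A, B), ('vec', t, A).
# Patterns: WILD for variables and wildcards, ('unit',), ('pair', p, p'),
# ('inl', p), ('inr', p), ('nil',), ('cons', p, p'). A branch is a list of patterns.
WILD = ('_',)
_fresh = count()

def subst(t, s):
    """Apply substitution s (dict name -> term) to an index term."""
    if t[0] == 'var':
        return subst(s[t[1]], s) if t[1] in s else t
    return ('succ', subst(t[1], s)) if t[0] == 'succ' else t

def occurs(name, t):
    return t[1] == name if t[0] == 'var' else t[0] == 'succ' and occurs(name, t[1])

def unify(t1, t2, s=None):
    """Most general unifier of two first-order index terms, or None if there is none."""
    s = {} if s is None else s
    t1, t2 = subst(t1, s), subst(t2, s)
    if t1 == t2:
        return s
    if t1[0] == 'var':
        return None if occurs(t1[1], t2) else {**s, t1[1]: t2}
    if t2[0] == 'var':
        return unify(t2, t1, s)
    if t1[0] == t2[0] == 'succ':
        return unify(t1[1], t2[1], s)
    return None        # zero vs succ: distinct constructors never unify

def subst_ty(A, s):
    """Apply an index substitution inside a type."""
    if A == '1':
        return A
    if A[0] == 'vec':
        return ('vec', subst(A[1], s), subst_ty(A[2], s))
    return (A[0], subst_ty(A[1], s), subst_ty(A[2], s))

def select(branches, tag, arity):
    """Keep branches whose head pattern is `tag` or a wildcard, replacing the head by
    its `arity` sub-patterns (a wildcard expands to `arity` wildcards)."""
    return [(list(b[0][1:]) if b[0][0] == tag else [WILD] * arity) + b[1:]
            for b in branches if b[0] == WILD or b[0][0] == tag]

def covers(branches, types):
    """Does the list of pattern vectors `branches` cover the type vector `types`?"""
    if not types:
        return len(branches) > 0                                 # DeclCoversEmpty
    if branches and all(b[0] == WILD for b in branches):
        return covers([b[1:] for b in branches], types[1:])      # wildcard/variable column
    A, rest = types[0], types[1:]
    if A == '1':                                                 # DeclCovers1
        return covers(select(branches, 'unit', 0), rest)
    if A[0] == 'x':                                              # DeclCovers×
        return covers(select(branches, 'pair', 2), [A[1], A[2]] + rest)
    if A[0] == '+':                                              # DeclCovers+
        return (covers(select(branches, 'inl', 1), [A[1]] + rest)
                and covers(select(branches, 'inr', 1), [A[2]] + rest))
    # Vec t A behaves as (t = zero ∧ 1) + (∃n. t = succ n ∧ A × Vec n A)
    t, elem, n = A[1], A[2], ('var', f"n{next(_fresh)}")
    return (covers_under(select(branches, 'nil', 0), t, ('zero',), rest)
            and covers_under(select(branches, 'cons', 2), t, ('succ', n),
                             [elem, ('vec', n, elem)] + rest))

def covers_under(branches, t1, t2, types):
    """Assume t1 = t2 (DeclCoversEqBot / DeclCoversEq) before checking `types`."""
    s = unify(t1, t2)
    if s is None:
        return True        # no value has this type: the case is vacuously covered
    return covers(branches, [subst_ty(A, s) for A in types])

CONS, NIL, N = ('cons', WILD, WILD), ('nil',), ('var', 'n')

def head_is_exhaustive():
    """head : ∀n A. Vec (succ n) A -> A with only the (x :: xs) clause."""
    return covers([[CONS]], [('vec', ('succ', N), '1')])

def head_over_any_length():
    """The same single clause at Vec n A: the [] case is now reachable."""
    return covers([[CONS]], [('vec', N, '1')])

def both_clauses_any_length():
    return covers([[NIL], [CONS]], [('vec', N, '1')])
```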

Synthesis. Bidirectional typing is a form of partial type inference, which Pierce and Turner (2000) said should "eliminate especially those type annotations that are both common and silly". But our rules are rather parsimonious in what they synthesize; for instance, () does not synthesize 1, and so might need an annotation. Fortunately, it would be straightforward to add such rules, following the style of Dunfield and Krishnaswami (2013).

Figure 7. Dependency structure of the algorithmic judgments. (Figure placeholder: the graph's nodes are check equation Γ ⊢ t₁ = t₂ : κ ⊣ Δ; instantiation Γ ⊢ α̂ := t : κ ⊣ Δ; equivalence of propositions Γ ⊢ P ≡ Q ⊣ Δ; equivalence of types Γ ⊢ A ≡ B ⊣ Δ; check proposition Γ ⊢ P true ⊣ Δ; subtyping Γ ⊢ A <:± B ⊣ Δ; coverage Γ ⊢ Π covers A⃗; spine typing Γ ⊢ s : A p ≫ B q ⊣ Δ; type checking Γ ⊢ e ⇐ A p ⊣ Δ; equality elimination Γ / s = t : κ ⊣ Δ⊥; principality-recovering spine typing Γ ⊢ s : A p ≫ B ⌈q⌉ ⊣ Δ; pattern matching Γ ⊢ Π :: A⃗ ⇐ C p ⊣ Δ; and type synthesis Γ ⊢ e ⇒ B p ⊣ Δ. The edges between them are not shown here.)

5. Algorithmic Typing 

Our algorithmic rules closely mimic our declarative rules, except that whenever a declarative rule would make a guess, the algorithmic rule adds to the context an existential variable (written with a hat, α̂). As typechecking proceeds, we add solutions to the existential variables, reflecting increasing knowledge. Hence, each declarative typing judgment has a corresponding algorithmic judgment with an output context as well as an input context. The algorithmic type checking judgment Γ ⊢ e ⇐ A p ⊣ Δ takes an input context Γ and yields an output context Δ that includes increased knowledge about what the types have to be. The notion of increasing knowledge is formalized by a judgment Γ → Δ (Section 5.2).

Figure 7 shows a dependency graph of the algorithmic judgments. Each declarative judgment has a corresponding algorithmic judgment, but the algorithmic system adds judgments such as type equivalence checking Γ ⊢ A ≡ B ⊣ Δ and variable instantiation Γ ⊢ α̂ := t : κ ⊣ Δ. Declaratively, these judgments correspond to uses of reflexivity axioms; algorithmically, they correspond to solving existential variables to equate terms.

We give the algorithmic typing rules in Figure 11; rules for most other judgments are in the appendix. Our style of specification broadly follows Dunfield and Krishnaswami (2013): we adapt their mechanisms of variable instantiation, context extension, and context application (to both types and other contexts). Our versions of these mechanisms, however, support indices, equations over universal variables, and the ∃/⊃/∧ connectives. We also differ in our formulation of spine typing, and by being able to track which types are principal. The example in Appendix A shows how the algorithmic spine typing rules work to recover principality.

Syntax. Expressions are the same as in the declarative system. 

Existential variables. The algorithmic system adds existential variables α̂, β̂, γ̂ to types and terms/monotypes (Figure 8). We use the same meta-variables A, ... for algorithmic types. We write u for either a universal variable α or an existential variable α̂.

Contexts. An algorithmic context Γ is a sequence that, like a declarative context, may contain universal variable declarations α : κ and expression variable typings x : A p. However, it may also have (1) unsolved existential variable declarations α̂ : κ (included in the Γ, u : κ production); (2) solved existential variable declarations α̂ : κ = τ; (3) equations over universal variables α = t; and (4) markers ▸u.

An equation α = t must appear to the right of the universal variable's declaration α : κ. We use markers as delimiters within contexts. For example, rule ⊃I adds ▸P, which tells it how much of its last premise's output context (Δ, ▸P, Δ') should be dropped. (We abuse notation by writing ▸P rather than cluttering the context with a dummy α and writing ▸α.)

A complete algorithmic context, denoted by Ω, is an algorithmic context with no unsolved existential variable declarations.

Assuming an equality can yield inconsistency: for example, zero = succ(zero). We write Δ⊥ for either a valid algorithmic context Δ or inconsistency ⊥.

Universal variables α, β, γ
Existential variables α̂, β̂, γ̂
Variables u ::= α | α̂
Types A, B, C ::= 1 | A → B | A + B | A × B | α | α̂ | ∀α : κ. A | ∃α : κ. A | P ⊃ A | A ∧ P | Vec t A
Propositions P, Q ::= t = t'
Binary connectives ⊕ ::= → | + | ×
Terms/monotypes t, τ, σ ::= zero | succ(t) | 1 | α | α̂ | τ → σ | τ + σ | τ × σ
Contexts Γ, Δ, Θ ::= · | Γ, u : κ | Γ, x : A p | Γ, α̂ : κ = τ | Γ, α = t | Γ, ▸u
Complete contexts Ω ::= · | Ω, α : κ | Ω, x : A p | Ω, α̂ : κ = τ | Ω, α = t | Ω, ▸u
Possibly-inconsistent contexts Δ⊥ ::= Δ | ⊥

Figure 8. Syntax of types, contexts, and other objects in the algorithmic system

5.1 Context substitution [Γ]A and hole notation Γ[Θ]

An algorithmic context can be viewed as a substitution for its solved existential variables. For example, α̂ = 1, β̂ = α̂ → 1 can be applied as if it were the substitution 1/α̂, (α̂ → 1)/β̂ (applied right to left), or the simultaneous substitution 1/α̂, (1 → 1)/β̂. We write [Γ]A for Γ applied as a substitution (Figure 9).

Applying a complete context to a type A (provided it is well-formed: Ω ⊢ A type) yields a type [Ω]A with no existentials. Such a type is well-formed under the declarative context obtained by dropping all the existential declarations and applying Ω to declarations x : A (to yield x : [Ω]A). We can think of this context as the result of applying Ω to itself: [Ω]Ω. More generally, we can apply Ω to any context Γ that it extends: context application [Ω]Γ is given in Figure 10. The application [Ω]Γ is defined if and only if Γ → Ω (context extension; see Section 5.2), and applying Ω to any such Γ yields the same declarative context [Ω]Ω.

In addition to appending declarations (as in the declarative system), we sometimes insert and replace declarations, so a notation for contexts with a hole is useful: Γ = Γ₀[Θ] means Γ has the form (Γ_L, Θ, Γ_R). For example, if Γ = Γ₀[β̂] = (α̂, β̂, x : β̂), then Γ₀[β̂ = α̂] = (α̂, β̂ = α̂, x : β̂).

[Γ]α = [Γ]t when (α = t) ∈ Γ; α otherwise
[Γ[α̂ : κ = τ]]α̂ = [Γ]τ
[Γ[α̂ : κ]]α̂ = α̂
[Γ](P ⊃ A) = ([Γ]P) ⊃ ([Γ]A)
[Γ](A ∧ P) = ([Γ]A) ∧ ([Γ]P)
[Γ](A ⊕ B) = ([Γ]A) ⊕ ([Γ]B)
[Γ](Vec t A) = Vec ([Γ]t) ([Γ]A)
[Γ](∀α : κ. A) = ∀α : κ. [Γ]A
[Γ](∃α : κ. A) = ∃α : κ. [Γ]A
[Γ](t₁ = t₂) = ([Γ]t₁) = ([Γ]t₂)

Figure 9. Applying a context, as a substitution, to a type

[·]· = ·
[Ω, x : A p](Γ, x : A' p) = [Ω]Γ, x : [Ω]A p   if [Ω]A = [Ω]A'
[Ω, α : κ](Γ, α : κ) = [Ω]Γ, α : κ
[Ω, ▸u](Γ, ▸u) = [Ω]Γ
[Ω, α = t](Γ, α = t') = [[Ω]t/α]([Ω]Γ)   if [Ω]t = [Ω]t'
[Ω, α̂ : κ = τ]Γ = [Ω]Γ' when Γ = (Γ', α̂ : κ = τ'); [Ω]Γ' when Γ = (Γ', α̂ : κ); [Ω]Γ otherwise

Figure 10. Applying a complete context Ω to a context

5.2 The context extension relation Γ → Δ

A context Γ is extended by a context Δ, written Γ → Δ, if Δ has at least as much information as Γ, while conforming to the same declarative context, that is, [Ω]Γ = [Ω]Δ for some Ω. In a sense, Γ → Δ says that Γ is entailed by Δ: all positive information derivable from Γ can also be derived from Δ (which may have more information, say, that α̂ is equal to a particular type). We give the rules for extension in Figure 14 in the appendix.

Extension allows solutions to change, if information is preserved or increased: (α̂ : ⋆, β̂ : ⋆ = α̂) → (α̂ : ⋆ = 1, β̂ : ⋆ = α̂) directly increases information about α̂, and indirectly increases information about β̂. More interestingly, if Δ = (α̂ : ⋆ = 1, β̂ : ⋆ = α̂) and Ω = (α̂ : ⋆ = 1, β̂ : ⋆ = 1), then Δ → Ω: while the solution of β̂ in Ω is different, in the sense that Ω contains β̂ : ⋆ = 1 while Δ contains β̂ : ⋆ = α̂, applying Ω to the solutions gives the same result: [Ω]α̂ = [Ω]1 = 1, which is the same as [Ω]1 = 1.

Extension is quite rigid, however, in two senses. First, if a declaration appears in Γ, it appears in all extensions of Γ. Second, extension preserves order. For example, if β̂ is declared after α̂ in Γ, then β̂ will also be declared after α̂ in every extension of Γ. This holds for every variety of declaration, including equations of universal variables. This rigidity aids in enforcing type variable scoping and dependencies, which are nontrivial in a setting with higher-rank polymorphism.

5.3 Determinacy 

Given appropriate inputs (Γ, e, A, p) to the algorithmic judgments, only one set of outputs (C, q, Δ) is derivable (Theorem 5 (Determinacy of Typing) in the appendix). We use this property (for spine judgments) in the proof of soundness.

6. Soundness 

We show that the algorithmic system is sound with respect to the declarative system. Soundness for the mutually-recursive judgments depends on lemmas for the auxiliary judgments (instantiation, equality elimination, checkprop, algorithmic subtyping and match coverage), which are in Appendix E.2 for space reasons.

The main soundness result has six mutually-recursive parts, one for each of the checking, synthesis, spine, and match judgments, including the principality-recovering spine judgment. We omit the parts for the match judgments; see the appendix.

Theorem 8 (Soundness of Algorithmic Typing). Given Δ → Ω:

(i) If Γ ⊢ e ⇐ A p ⊣ Δ and Γ ⊢ A p type then [Ω]Δ ⊢ [Ω]e ⇐ [Ω]A p.

(ii) If Γ ⊢ e ⇒ A p ⊣ Δ then [Ω]Δ ⊢ [Ω]e ⇒ [Ω]A p.

(iii) If Γ ⊢ s : A p ≫ B q ⊣ Δ and Γ ⊢ A p type then [Ω]Δ ⊢ [Ω]s : [Ω]A p ≫ [Ω]B q.

(iv) If Γ ⊢ s : A p ≫ B ⌈q⌉ ⊣ Δ and Γ ⊢ A p type then [Ω]Δ ⊢ [Ω]s : [Ω]A p ≫ [Ω]B ⌈q⌉.

Γ ⊢ e ⇐ A p ⊣ Δ   Under input context Γ, expression e checks against input type A, with output context Δ
Γ ⊢ e ⇒ A p ⊣ Δ   Under input context Γ, expression e synthesizes output type A, with output context Δ
Γ ⊢ s : A p ≫ C q ⊣ Δ   Under input context Γ, passing spine s to a function of type A synthesizes type C;
Γ ⊢ s : A p ≫ C ⌈q⌉ ⊣ Δ   in the ⌈q⌉ form, recover principality in q if possible

Var: (x : A p) ∈ Γ   ⟹   Γ ⊢ x ⇒ [Γ]A p ⊣ Γ
Sub: Γ ⊢ e ⇒ A q ⊣ Θ and Θ ⊢ A <:^pol(B) B ⊣ Δ   ⟹   Γ ⊢ e ⇐ B p ⊣ Δ
1I: Γ ⊢ () ⇐ 1 p ⊣ Γ
1Iα̂: Γ[α̂ : ⋆] ⊢ () ⇐ α̂ ⊣ Γ[α̂ : ⋆ = 1]
∀I: v chk-I and Γ, α : κ ⊢ v ⇐ A p ⊣ Δ, α : κ, Θ   ⟹   Γ ⊢ v ⇐ ∀α : κ. A p ⊣ Δ
∧I: e not a case and Γ ⊢ P true ⊣ Θ and Θ ⊢ e ⇐ [Θ]A p ⊣ Δ   ⟹   Γ ⊢ e ⇐ A ∧ P p ⊣ Δ
⊃I: v chk-I and Γ, ▸P / P ⊣ Θ and Θ ⊢ v ⇐ [Θ]A ! ⊣ Δ, ▸P, Δ'   ⟹   Γ ⊢ v ⇐ P ⊃ A ! ⊣ Δ
⊃I⊥: v chk-I and Γ, ▸P / P ⊣ ⊥   ⟹   Γ ⊢ v ⇐ P ⊃ A ! ⊣ Γ
Anno: Γ ⊢ A ! type and Γ ⊢ e ⇐ [Γ]A ! ⊣ Δ   ⟹   Γ ⊢ (e : A) ⇒ [Δ]A ! ⊣ Δ
Rec: Γ, x : A p ⊢ v ⇐ A p ⊣ Δ, x : A p, Θ   ⟹   Γ ⊢ rec x. v ⇐ A p ⊣ Δ
→I: Γ, x : A p ⊢ e ⇐ B p ⊣ Δ, x : A p, Θ   ⟹   Γ ⊢ λx. e ⇐ A → B p ⊣ Δ
→Iα̂: Γ[α̂₁ : ⋆, α̂₂ : ⋆, α̂ : ⋆ = α̂₁ → α̂₂], x : α̂₁ ⊢ e ⇐ α̂₂ ⊣ Δ, x : α̂₁, Δ'   ⟹   Γ[α̂ : ⋆] ⊢ λx. e ⇐ α̂ ⊣ Δ
→E: Γ ⊢ e ⇒ A p ⊣ Θ and Θ ⊢ s : A p ≫ C ⌈q⌉ ⊣ Δ   ⟹   Γ ⊢ e s ⇒ C q ⊣ Δ
SpineRecover: Γ ⊢ s : A ! ≫ C ⁄ ⊣ Δ and FEV(C) = ∅   ⟹   Γ ⊢ s : A ! ≫ C ⌈!⌉ ⊣ Δ
SpinePass: Γ ⊢ s : A p ≫ C q ⊣ Δ and ((p = ⁄) or (q = !) or (FEV(C) ≠ ∅))   ⟹   Γ ⊢ s : A p ≫ C ⌈q⌉ ⊣ Δ
EmptySpine: Γ ⊢ · : A p ≫ A p ⊣ Γ
→Spine: Γ ⊢ e ⇐ A p ⊣ Θ and Θ ⊢ s : [Θ]B p ≫ C q ⊣ Δ   ⟹   Γ ⊢ e s : A → B p ≫ C q ⊣ Δ
∀Spine: Γ, α̂ : κ ⊢ e s : [α̂/α]A ⁄ ≫ C q ⊣ Δ   ⟹   Γ ⊢ e s : ∀α : κ. A p ≫ C q ⊣ Δ
⊃Spine: Γ ⊢ P true ⊣ Θ and Θ ⊢ e s : [Θ]A p ≫ C q ⊣ Δ   ⟹   Γ ⊢ e s : P ⊃ A p ≫ C q ⊣ Δ
α̂Spine: Γ[α̂₂ : ⋆, α̂₁ : ⋆, α̂ : ⋆ = α̂₁ → α̂₂] ⊢ e s : (α̂₁ → α̂₂) ≫ C ⊣ Δ   ⟹   Γ[α̂ : ⋆] ⊢ e s : α̂ ≫ C ⊣ Δ
Case: Γ ⊢ e ⇒ A ! ⊣ Θ and Θ ⊢ Π :: [Θ]A ⇐ [Θ]C p ⊣ Δ and Δ ⊢ Π covers [Δ]A   ⟹   Γ ⊢ case(e, Π) ⇐ C p ⊣ Δ

Figure 11. Algorithmic typing, omitting rules for ×, +, and Vec

Much of this proof is simply "turning the crank": applying the induction hypothesis to each premise, yielding derivations of corresponding declarative judgments (with Ω applied to everything in sight), and applying the corresponding declarative rule; for example, in the Sub case we finish the proof by applying DeclSub. The SpineRecover case is interesting: we do finish by applying DeclSpineRecover, but since DeclSpineRecover contains a premise that quantifies over all declarative derivations of a certain form, we must appeal to completeness! Consequently, soundness and completeness are really two parts of one theorem.

These parts are mutually recursive; later, we'll see that the DeclSpineRecover case of completeness must appeal to soundness (to show that the algorithmic type has no free existential variables). We cannot induct on the given derivation alone, because the derivations in the "for all" part of DeclSpineRecover are not subderivations. So we need a more involved induction measure that can make the leaps between soundness and completeness: lexicographic order with (1) the size of the subject term, (2) the judgment form, with ordinary spine judgments considered smaller than recovering spine judgments, and (3) the height of the derivation:

$$\Big\langle\; e/s/\Pi,\;\; \text{ordinary spine judgment} < \text{recovering spine judgment},\;\; \mathrm{height}(\mathcal{D}) \;\Big\rangle$$


Proof sketch, SpineRecover case. By i.h., [Ω]Γ ⊢ [Ω]s : [Ω]A ! ≫ [Ω]C q. Our goal is to apply DeclSpineRecover, which requires that we show that for all C' such that [Ω]Ω ⊢ s : [Ω]A ! ≫ C' ⁄, we have C' = [Ω]C. Suppose we have such a C'. By completeness (Theorem 11), Γ ⊢ s : [Γ]A ! ≫ C'' q ⊣ Δ'' where Δ'' → Ω''. We already have (as a subderivation) Γ ⊢ s : A ! ≫ C ⁄ ⊣ Δ, so by determinacy, C'' = C and q = ⁄ and Δ'' = Δ. With the help of lemmas about context application, we can show C' = [Ω'']C'' = [Ω'']C = [Ω]C. (Using completeness is permitted since our measure says a non-principality-restoring judgment is smaller.)


7. Completeness 

We show that the algorithmic system is complete with respect to the declarative system. As with soundness, we need to show completeness of the auxiliary algorithmic judgments. We omit the full statements of these lemmas; as an example, if [Ω]α̂ = [Ω]t and α̂ ∉ FV(t) then Γ ⊢ α̂ := t : κ ⊣ Δ.

7.1 Separation 

To show completeness, we will need to show that wherever the declarative rule DeclSpineRecover is applied, we can apply the algorithmic rule SpineRecover. Thus, we need to show that semantic principality, that no other type can be given, entails that a type has no free existential variables.
The principality-recovering rules are potentially applicable when we start with a principal type A ! but produce C ⁄, with Decl∀Spine changing ! to ⁄. Completeness (Thm. 11) will use the "for all" part of DeclSpineRecover, which quantifies over all types produced by the spine rules under a given declarative context [Ω]Γ. By i.h. we get an algorithmic spine judgment Γ ⊢ s : A' ! ≫ C' ⁄ ⊣ Δ. Since A' is principal, unsolved existentials in C' must have been introduced within this derivation; they can't be in Γ already. Thus, we might have α̂ : ⋆ ⊢ s : A' ! ≫ β̂ ⁄ ⊣ α̂ : ⋆, β̂ : ⋆ where a Decl∀Spine subderivation introduced β̂, but α̂ can't appear in C'. We also can't equate α̂ and β̂ in Δ, which would be tantamount to C' = α̂. Knowing that unsolved existentials in C' are "new" and independent from those in Γ means we can argue that, if there were an unsolved existential in C', it would correspond to an unforced choice in a Decl∀Spine subderivation, invalidating the "for all" part of DeclSpineRecover. Formalizing claims like "must have been introduced" requires several definitions.

Definition 1 (Separation).

An algorithmic context Γ is separable into Γ_L ∗ Γ_R if (1) Γ = (Γ_L, Γ_R) and (2) for all (α̂ : κ = τ) ∈ Γ_R it is the case that FEV(τ) ⊆ dom(Γ_R).

If Γ is separable into Γ_L ∗ Γ_R, then Γ_R is self-contained in the sense that all existential variables declared in Γ_R have solutions whose existential variables are themselves declared in Γ_R. Every context Γ is separable into · ∗ Γ and into Γ ∗ ·.

Definition 2 (Separation-Preserving Extension).

The separated context Γ_L ∗ Γ_R extends to Δ_L ∗ Δ_R, written (Γ_L ∗ Γ_R) →∗ (Δ_L ∗ Δ_R), if (Γ_L, Γ_R) → (Δ_L, Δ_R) and dom(Γ_L) ⊆ dom(Δ_L) and dom(Γ_R) ⊆ dom(Δ_R).

Separation-preserving extension says that variables from one side of ∗ haven't "jumped" to the other side. Thus, Δ_L may add existential variables to Γ_L, and Δ_R may add existential variables to Γ_R, but no variable from Γ_L ends up in Δ_R and no variable from Γ_R ends up in Δ_L. It is necessary to write (Γ_L ∗ Γ_R) →∗ (Δ_L ∗ Δ_R) rather than (Γ_L ∗ Γ_R) → (Δ_L ∗ Δ_R), because only →∗ includes the domain conditions. For example, (α̂ ∗ β̂) → ((α̂, β̂ = α̂) ∗ ·), but β̂ has jumped to the left of ∗ in the context (α̂, β̂ = α̂) ∗ ·.

We prove many lemmas about separation, but use only one of them in the subsequent development (in the DeclSpineRecover case of typing completeness), and then only the part for spines. It says that if we have a spine whose type A mentions only variables in Γ_R, then the output context Δ extends Γ and preserves separation, and the output type C mentions only variables in Δ_R:

Lemma (Separation, Main).

If Γ_L ∗ Γ_R ⊢ s : A p ≫ C q ⊣ Δ or Γ_L ∗ Γ_R ⊢ s : A p ≫ C ⌈q⌉ ⊣ Δ, and Γ_L ∗ Γ_R ⊢ A p type and FEV(A) ⊆ dom(Γ_R), then Δ = (Δ_L ∗ Δ_R) and (Γ_L ∗ Γ_R) →∗ (Δ_L ∗ Δ_R) and FEV(C) ⊆ dom(Δ_R).

7.2 Completeness of typing 

Like soundness, completeness has six mutually-recursive parts. Again, the match judgments are in the appendix.

Theorem 11 (Completeness of Algorithmic Typing).

Given Γ → Ω such that dom(Γ) = dom(Ω):

(i) If Γ ⊢ A p type and [Ω]Γ ⊢ [Ω]e ⇐ [Ω]A p and p' ⊑ p then there exist Δ and Ω' such that Δ → Ω' and dom(Δ) = dom(Ω') and Ω → Ω' and Γ ⊢ e ⇐ [Γ]A p' ⊣ Δ.

(ii) If Γ ⊢ A p type and [Ω]Γ ⊢ [Ω]e ⇒ A p then there exist Δ, Ω', A', and p' ⊑ p such that Δ → Ω' and dom(Δ) = dom(Ω') and Ω → Ω' and Γ ⊢ e ⇒ A' p' ⊣ Δ and A' = [Δ]A' and A = [Ω']A'.

(iii) If Γ ⊢ A p type and [Ω]Γ ⊢ [Ω]s : [Ω]A p ≫ B q and p' ⊑ p then there exist Δ, Ω', B', and q' ⊑ q such that Δ → Ω' and dom(Δ) = dom(Ω') and Ω → Ω' and Γ ⊢ s : [Γ]A p' ≫ B' q' ⊣ Δ and B' = [Δ]B' and B = [Ω']B'.

(iv) As part (iii), but with ≫ B ⌈q⌉ ... and B' ⌈q'⌉ ....

Proof sketch, DeclSpineRecover case. By i.h., Γ ⊢ s : [Γ]A ! ≫ C' ⁄ ⊣ Δ where Δ → Ω' and Ω → Ω' and dom(Δ) = dom(Ω') and C = [Ω']C'.

To apply SpineRecover we need to show FEV([Δ]C') = ∅. Suppose, for a contradiction, that FEV([Δ]C') ≠ ∅. Construct a variant of Ω' called Ω₂ that has a different solution for some α̂ ∈ FEV([Δ]C'). By soundness (Thm. 8), [Ω₂]Γ ⊢ [Ω₂]s : [Ω₂]A ! ≫ [Ω₂]C' ⁄. Using a separation lemma with the trivial separation Γ = (Γ ∗ ·) we get Δ = (Δ_L ∗ Δ_R) and (Γ ∗ ·) →∗ (Δ_L ∗ Δ_R) and FEV(C') ⊆ dom(Δ_R). That is, all existentials in C' were introduced within the derivation of the (algorithmic) spine judgment. Thus, applying Ω₂ to things gives the same result as Ω, except for C', giving [Ω]Γ ⊢ [Ω]s : [Ω]A ! ≫ [Ω₂]C' ⁄. Now instantiate the "for all C₂" premise with C₂ = [Ω₂]C', giving C = [Ω₂]C'. But we chose Ω₂ to have a different solution for α̂ ∈ FEV(C'), so we have C ≠ [Ω₂]C': Contradiction. Therefore FEV([Δ]C') = ∅, so we can apply SpineRecover.

8. Discussion and Related Work 

A staggering amount of work has been done on GADTs and in- 
dexed types, and for space reasons we cannot offer a comprehen- 
sive survey of the literature. So we compare more deeply to fewer 
papers, to communicate our understanding of the design space. 

Proof theory and type theory. As described in Section 1, there are two logical accounts of equality: the identity type of Martin-Löf and the equality type of Schroeder-Heister (1994) and Girard (1992). The Girard/Schroeder-Heister equality has a more direct connection to pattern matching, which is why we make use of it. Coquand (1992) pioneered the study of pattern matching in dependent type theory. One perhaps surprising feature of Coquand's pattern-matching syntax is that it is strictly stronger than Martin-Löf's eliminators. His rules can derive the uniqueness of identity proofs as well as the disjointness of constructors. Constructor disjointness is also derivable from the Girard/Schroeder-Heister equality, because there is no unifier for two distinct constructors.

In future work, we hope to study the relation between these two notions of equality in more depth; richer equational theories (such as the theory of commutative rings or the βη-theory of the lambda calculus) do not have decidable unification, but it seems plausible that there are hybrid approaches which might let us retain some of the convenience of the G/SH equality rule while retaining the decidability of Martin-Löf's J eliminator.

Indexed and refinement types. Dependent ML (Xi and Pfenning 1999) indexed programs with propositional constraints, extending the ML type discipline to maintain additional invariants tracked by the constraints. DML collected constraints from the program and passed them to a constraint solver, a technique used by systems like Stardust (Dunfield 2007) and liquid types (Rondon et al. 2008).

From phantom types to GADTs. Leijen and Meijer (1999) introduced the term phantom type to describe a technique for programming in ML/Haskell where additional type parameters are used to constrain when values are well-typed. This idea proved to have many applications, ranging from foreign function interfaces (Blume 2001) to encoding Java-style subtyping (Fluet and Pucella 2006). Phantom types allow constructing values with constrained types, but do not easily permit learning about type equalities by analyzing them, putting applications such as intensional type analysis (Harper and Morrisett 1995) out of reach. Both Cheney and Hinze (2003) and Xi et al. (2003) proposed treating equalities as a first-class concept, giving explicitly-typed calculi for equalities, but without studying algorithms for type inference.

Simonet and Pottier (2007) gave a constraint-based algorithm for type inference for GADTs. It is this work which first identified the potential intractability of type inference arising from the interaction of hypothetical constraints and unification variables. To resolve this issue they introduce the notion of tractable constraints (i.e., constraints where hypothetical equations never contain existentials), and require placing enough annotations that all constraints are tractable. In general, this could require annotations on case expressions, so subsequent work focused on relaxing this requirement. Though quite different in technical detail, stratified inference (Pottier and Régis-Gianas 2006) and wobbly types (Peyton Jones et al. 2006) both work by pushing type information from annotations to case expressions, with stratified type inference literally moving annotations around, and wobbly types tracking which parts of a type have no unification variables. Modern GHC uses the OutsideIn algorithm (Vytiniotis et al. 2011), which further relaxes the constraint: as long as case analysis cannot modify what is known about an equation, the case analysis is permitted.

In our type system, the checking judgment of the bidirectional algorithm serves to propagate annotations, and our requirement that the scrutinee of a case expression be principal ensures that no equations contain unification variables. This is close in effect to stratified types, and is less expressive than OutsideIn. This is a deliberate design choice to keep the declarative specification simple, rather than an inherent limit of our approach. To specify the OutsideIn approach, the case rule in our declarative system should permit scrutinizing an expression if all types that can be synthesized for it have exactly the same equations, even if they differ in their monotype parts. We thought such a spec is harder for programmers to develop an intuition for than simply saying that a scrutinee must synthesize a unique type. However, the technique we use, higher-order rules with implicational premises like DeclSpineRecover, should work for this case.

More recently, Garrigue and Rémy (2013) proposed ambivalent types, which are a way of deciding when it is safe to generalize the type of a function using GADTs. This idea is orthogonal to our calculus, simply because we do no generalization at all: every polymorphic function takes an annotation. However, Garrigue and Rémy (2013) also emphasize the importance of monotonicity, which says that substitution should be stable under subtyping, that is, giving a more general type should not cause subtyping to fail. This condition is satisfied by our bidirectional system.

Karachalias et al. ( 2015 ) developed a coverage algorithm for 
GADTs that depends on external constraint solving; we offer a 
more self-contained but still logically-motivated approach. 

Extensions. To keep our formalization manageable, we left out some features that would be desirable in practice. In particular, we need (1) type constructors which take arguments and (2) recursive types (Pierce 2002, chapter 20). The primary issue with both of these features is that they need to permit using existentials and other "large" type connectives, and our system seemingly relies on monotypes (which cannot contain such connectives). This limitation should create no difficulties in typical practice, if we treat user-defined type constructors, such as List, as monotypes and expand the definition only as needed: when checking an expression against a user type constructor, and when demanded by pattern matching.
Appendix: LICS submission 39

This file contains rules, figures and definitions omitted in the main paper for space reasons, as well as statements of theorems and a few selected lemmas. Statements of all lemmas, and complete proofs, are in another, much longer, file:

github.com/joshuadunfield/lics39/raw/master/lics39_proofs.pdf


A. Additional Examples 

A.1 Spine recovery

Suppose we have an identity function id, defined in an algorithmic context Γ by the hypothesis id : (∀α : ⋆. α → α) !. Since the hypothesis has !, the type of id is known to be principal. If we apply id to the unit (), we expect to get something of unit type 1. Despite the ∀ quantifier in the type of id, the resulting type should be principal, because no other type is possible. We can indeed derive that type in our system:

By Var, since (id : (∀α : ⋆. α → α) !) ∈ Γ, we have Γ ⊢ id ⇒ (∀α : ⋆. α → α) ! ⊣ Γ. Together with the spine premise Γ ⊢ (() ·) : (∀α : ⋆. α → α) ! ≫ 1 ⌈!⌉ ⊣ Γ, α̂ : ⋆ = 1, rule →E gives Γ ⊢ id (() ·) ⇒ 1 ! ⊣ Γ, α̂ : ⋆ = 1.

(Here, we write the application id () as id (() ·), to show the structure of the spine as analyzed by the typing rules.)

In the derivation of the second premise of →E, shown below from the leaves down to the root, we can follow the evolution of the principality marker.

1Iα̂: Γ, α̂ : ⋆ ⊢ () ⇐ α̂ ⁄ ⊣ Γ, α̂ : ⋆ = 1
EmptySpine: Γ, α̂ : ⋆ = 1 ⊢ · : 1 ⁄ ≫ 1 ⁄ ⊣ Γ, α̂ : ⋆ = 1
→Spine (from the two judgments above): Γ, α̂ : ⋆ ⊢ (() ·) : α̂ → α̂ ⁄ ≫ 1 ⁄ ⊣ Γ, α̂ : ⋆ = 1
∀Spine: Γ ⊢ (() ·) : (∀α : ⋆. α → α) ! ≫ 1 ⁄ ⊣ Γ, α̂ : ⋆ = 1
SpineRecover (with the side condition FEV(1) = ∅): Γ ⊢ (() ·) : (∀α : ⋆. α → α) ! ≫ 1 ⌈!⌉ ⊣ Γ, α̂ : ⋆ = 1, where the ! on the input type is marked "input"
• The input principality (marked "input") is !, because the input type (∀α : ⋆. α → α) was marked as principal in the hypothesis typing id.

• Rule SpineRecover begins by invoking the ordinary (non-recovering) spine judgment, passing all inputs unchanged, including the principality !.

• Rule ∀Spine adds an existential variable α̂ to represent the instantiation of the quantified type variable α, and substitutes α̂ for α. Since this instantiation is, in general, not principal, it replaces ! with ⁄ (highlighted) in its premise. This marks the type α̂ → α̂ as non-principal.

• Rule →Spine decomposes α̂ → α̂ and checks () against α̂, maintaining the principality ⁄. Once principality is lost, it can only be recovered within the SpineRecover rule itself.

• Rule 1Iα̂ notices that we are checking () against an unknown type α̂; since the expression is (), the type α̂ must be 1, so it adds that solution to its output context.

• Moving to the second premise of →Spine, we analyze the remaining part of the spine. That is just the empty spine ·, and rule EmptySpine passes its inputs along as outputs. In particular, the principality ⁄ is unchanged.

• The principalities are passed down the derivation to the conclusion of ∀Spine, where ⁄ is highlighted.

• In SpineRecover, we notice that the output type 1 has no existential variables (FEV(1) = ∅), which allows us to recover principality of the output type: ⌈!⌉.
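The derivation just walked through, and the context application [Γ]A of Section 5.1 that the →Spine and Var rules rely on, can be run mechanically on the id example. The following is an added illustration and not the paper's code: it covers only the rules used above (Var, 1I, 1Iα̂, EmptySpine, →Spine, ∀Spine, SpineRecover, SpinePass, →E) without Sub, and the tuple encodings of types, expressions and context entries, the fresh-name counter and the `const` example are assumptions of this example.

```python
"""Spine typing with principality recovery (Figure 11 and Appendix A.1).

Added illustration, not the paper's code: a fragment of the algorithmic
system with types '1', ('uvar', α), ('evar', α̂), ('->', A, B) and
('forall', α, A); the rules Var, 1I, 1Iα̂, EmptySpine, →Spine, ∀Spine,
SpineRecover, SpinePass and →E; and context application [Γ]A from
Section 5.1. Contexts are lists of ('evar', α̂, solution-or-None) and
('var', x, A, p); principalities are '!' and '/'. Sub is not implemented.
"""
from itertools import count

_fresh = count()

def apply(ctx, A):
    """[Γ]A: substitute the context's solutions for its solved existential variables."""
    if A == '1' or A[0] == 'uvar':
        return A
    if A[0] == 'evar':
        sol = next((e[2] for e in ctx if e[0] == 'evar' and e[1] == A[1]), None)
        return A if sol is None else apply(ctx, sol)
    if A[0] == 'forall':
        return ('forall', A[1], apply(ctx, A[2]))
    return ('->', apply(ctx, A[1]), apply(ctx, A[2]))

def fev(A):
    """Free existential variables FEV(A)."""
    if A == '1' or A[0] == 'uvar':
        return set()
    if A[0] == 'evar':
        return {A[1]}
    return fev(A[2]) if A[0] == 'forall' else fev(A[1]) | fev(A[2])

def subst_uvar(A, a, B):
    """[B/α]A for a universal variable α (B contains no binders here)."""
    if A == '1' or A[0] == 'evar':
        return A
    if A[0] == 'uvar':
        return B if A[1] == a else A
    if A[0] == 'forall':
        return A if A[1] == a else ('forall', A[1], subst_uvar(A[2], a, B))
    return ('->', subst_uvar(A[1], a, B), subst_uvar(A[2], a, B))

def solve(ctx, name, tau):
    """Γ[α̂ : ⋆] becomes Γ[α̂ : ⋆ = τ]."""
    return [('evar', name, tau) if e[0] == 'evar' and e[1] == name else e for e in ctx]

def synth(ctx, e):
    """Γ ⊢ e ⇒ A p ⊣ Δ, returning (A, p, Δ)."""
    if e[0] == 'var':                                            # Var
        entry = next(x for x in reversed(ctx) if x[0] == 'var' and x[1] == e[1])
        return apply(ctx, entry[2]), entry[3], ctx
    A, p, theta = synth(ctx, e[1])                               # →E: e s, spine in the ⌈q⌉ form
    return spine_recover(theta, e[2], A, p)

def check(ctx, e, A, p):
    """Γ ⊢ e ⇐ A p ⊣ Δ for the unit expression only."""
    if e == 'unit' and A == '1':                                 # 1I
        return ctx
    if e == 'unit' and A[0] == 'evar':                           # 1Iα̂: () against α̂ solves α̂ := 1
        return solve(ctx, A[1], '1')
    raise TypeError(f"cannot check {e} against {A}")

def spine(ctx, s, A, p):
    """Γ ⊢ s : A p ≫ C q ⊣ Δ, returning (C, q, Δ)."""
    if not s:                                                    # EmptySpine
        return A, p, ctx
    if A[0] == 'forall':                                         # ∀Spine: guess α̂ for α; principality drops to '/'
        a_hat = f"α̂{next(_fresh)}"
        body = subst_uvar(A[2], A[1], ('evar', a_hat))
        return spine(ctx + [('evar', a_hat, None)], s, body, '/')
    if A[0] == '->':                                             # →Spine
        theta = check(ctx, s[0], A[1], p)
        return spine(theta, s[1:], apply(theta, A[2]), p)
    raise TypeError(f"cannot apply a value of type {A}")

def spine_recover(ctx, s, A, p):
    """Γ ⊢ s : A p ≫ C ⌈q⌉ ⊣ Δ: SpineRecover when the input was principal and the
    output type, with Δ applied, has no existential variables; otherwise SpinePass."""
    C, q, delta = spine(ctx, s, A, p)
    if p == '!' and q == '/' and not fev(apply(delta, C)):
        return C, '!', delta                                     # SpineRecover
    return C, q, delta                                           # SpinePass

ID_TYPE = ('forall', 'α', ('->', ('uvar', 'α'), ('uvar', 'α')))

def appendix_a_example():
    """id (() ·) with id : (∀α:⋆. α → α) !  -- type 1, principality recovered to '!'."""
    C, q, delta = synth([('var', 'id', ID_TYPE, '!')], ('app', ('var', 'id'), ['unit']))
    return C, q, delta[-1][2]          # ('1', '!', '1'): the last entry is α̂ : ⋆ = 1

def non_principal_id_example():
    """The same spine when id's own type is only '/': SpinePass keeps '/'."""
    return synth([('var', 'id', ID_TYPE, '/')], ('app', ('var', 'id'), ['unit']))[:2]

def partial_application_example():
    """const : (∀α. ∀β. α → β → α) ! applied to () alone (constructed example):
    the output type β̂ → 1 still mentions β̂, so SpineRecover does not apply."""
    const = ('forall', 'α', ('forall', 'β',
             ('->', ('uvar', 'α'), ('->', ('uvar', 'β'), ('uvar', 'α')))))
    C, q, delta = synth([('var', 'const', const, '!')], ('app', ('var', 'const'), ['unit']))
    return q, len(fev(apply(delta, C)))
```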


In the corresponding derivation in our declarative system, we have, instead, a check that no other types are derivable: 


(Decl1I)   $\Psi \vdash () \Leftarrow 1\,⧸$

(DeclEmptySpine)   $\Psi \vdash \cdot : 1\,⧸ \gg 1\,⧸$

(Decl→Spine), from the two judgments above:
  $\Psi \vdash (()\,\cdot) : 1 \to 1\,⧸ \gg 1\,⧸$

(Decl∀Spine), with the premise $\Psi \vdash 1 : \star$ (the "guessed" solution $1$ for $\alpha$, highlighted):
  $\Psi \vdash (()\,\cdot) : (\forall\alpha:\star.\ \alpha \to \alpha)\,! \gg 1\,⧸$

(DeclSpineRecover), whose second premise is
  for all $C'$: if $\Psi \vdash (()\,\cdot) : (\forall\alpha:\star.\ \alpha \to \alpha)\,! \gg C'\,⧸$ then $C' = 1$
and whose conclusion is
  $\Psi \vdash (()\,\cdot) : (\forall\alpha:\star.\ \alpha \to \alpha)\,! \gg 1\,\lceil ! \rceil$      (the input principality $!$ is marked "input")

Here, we highlight the replacement in Decl∀Spine of the quantified type variable $\alpha$ by the "guessed" solution $1$. The second premise of DeclSpineRecover checks that no other output type $C'$ could have been produced, no matter what solution was chosen by Decl∀Spine for $\alpha$.
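The two derivations above can be run mechanically. The following is an added example, written for this appendix and not the authors' implementation: it models the algorithmic rules used in the derivation of $\mathsf{id}\ ()$ (Var, 1I, 1I$\hat\alpha$, EmptySpine, ∀Spine, →Spine, $\hat\alpha$Spine, SpineRecover, SpinePass) over a fragment with unit, arrows and ∀. It assumes an unordered context (scope markers and the ordering of the algorithmic context are elided), and it adds a second call, $\mathsf{id}\ x$ with $x : \hat\beta$ unsolved, to show the case in which $\mathrm{FEV}(C) \neq \emptyset$ blocks recovery and SpinePass leaves the output non-principal.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple, Union

# Types of the fragment: unit, universal variable, existential variable, arrow, forall.
@dataclass(frozen=True)
class Unit: pass
@dataclass(frozen=True)
class TVar: name: str
@dataclass(frozen=True)
class EVar: name: str            # existential variable (alpha-hat)
@dataclass(frozen=True)
class Arr: dom: "Type"; cod: "Type"
@dataclass(frozen=True)
class Forall: var: str; body: "Type"
Type = Union[Unit, TVar, EVar, Arr, Forall]
PRINCIPAL, NONPRINCIPAL = "!", "/"   # the principalities p, q of the judgments

# Expressions: () and term variables.
@dataclass(frozen=True)
class EUnit: pass
@dataclass(frozen=True)
class Var: name: str
Expr = Union[EUnit, Var]


class Ctx:
    """Algorithmic context: solutions of existentials plus typed term variables.
    Assumption: unordered (no scope markers), unlike the paper's ordered contexts."""
    def __init__(self, vars: Optional[Dict[str, Type]] = None):
        self.solutions: Dict[str, Optional[Type]] = {}   # alpha-hat -> solution, None = unsolved
        self.vars: Dict[str, Type] = dict(vars or {})     # x -> A
        self._n = 0

    def fresh(self, hint: str = "a") -> EVar:
        self._n += 1
        ev = EVar(f"{hint}^{self._n}")
        self.solutions[ev.name] = None
        return ev

    def solve(self, ev: EVar, ty: Type) -> None:
        assert self.solutions.get(ev.name) is None, f"{ev.name} already solved"
        self.solutions[ev.name] = ty

    def apply(self, ty: Type) -> Type:
        """[Gamma]A: replace solved existentials by their solutions."""
        if isinstance(ty, EVar) and self.solutions.get(ty.name) is not None:
            return self.apply(self.solutions[ty.name])
        if isinstance(ty, Arr):
            return Arr(self.apply(ty.dom), self.apply(ty.cod))
        if isinstance(ty, Forall):
            return Forall(ty.var, self.apply(ty.body))
        return ty


def fev(ty: Type) -> Set[str]:
    """FEV(A): free existential variables of a context-applied type."""
    if isinstance(ty, EVar):
        return {ty.name}
    if isinstance(ty, Arr):
        return fev(ty.dom) | fev(ty.cod)
    return fev(ty.body) if isinstance(ty, Forall) else set()


def subst(ty: Type, var: str, by: Type) -> Type:
    """[by/var]ty for a universal variable var."""
    if isinstance(ty, TVar):
        return by if ty.name == var else ty
    if isinstance(ty, Arr):
        return Arr(subst(ty.dom, var, by), subst(ty.cod, var, by))
    if isinstance(ty, Forall) and ty.var != var:
        return Forall(ty.var, subst(ty.body, var, by))
    return ty


def check(ctx: Ctx, e: Expr, ty: Type) -> None:
    """Gamma |- e <= A, restricted to the cases this fragment needs."""
    ty = ctx.apply(ty)
    if isinstance(e, EUnit):
        if isinstance(ty, Unit):                      # 1I
            return
        if isinstance(ty, EVar):                      # 1I-alpha-hat: () forces alpha-hat := 1
            return ctx.solve(ty, Unit())
    elif isinstance(e, Var):                          # Var followed by Sub; equality or a
        a = ctx.apply(ctx.vars[e.name])               # single instantiation step suffices here
        if a == ty:
            return
        if isinstance(ty, EVar) and ty.name not in fev(a):
            return ctx.solve(ty, a)
        if isinstance(a, EVar) and a.name not in fev(ty):
            return ctx.solve(a, ty)
    raise TypeError(f"cannot check {e} against {ty}")


def spine(ctx: Ctx, s: List[Expr], a: Type, p: str) -> Tuple[Type, str]:
    """Gamma |- s : A p >> C q.  Returns (C, q); the context is updated in place."""
    a = ctx.apply(a)
    if not s:                                         # EmptySpine: inputs pass through
        return a, p
    if isinstance(a, Forall):                         # forall-Spine: guess alpha := fresh
        ah = ctx.fresh(a.var)                         # existential; the guess is not
        return spine(ctx, s, subst(a.body, a.var, ah), NONPRINCIPAL)   # principal
    if isinstance(a, Arr):                            # ->Spine
        check(ctx, s[0], a.dom)
        return spine(ctx, s[1:], a.cod, p)
    if isinstance(a, EVar):                           # alpha-hat-Spine: articulate a1 -> a2
        a1, a2 = ctx.fresh("a1"), ctx.fresh("a2")
        ctx.solve(a, Arr(a1, a2))
        return spine(ctx, s, Arr(a1, a2), NONPRINCIPAL)
    raise TypeError(f"{a} is not a function type")


def spine_recover(ctx: Ctx, s: List[Expr], a: Type, p: str) -> Tuple[Type, str]:
    """Gamma |- s : A p >> C [q]: SpineRecover when it applies, otherwise SpinePass."""
    c, q = spine(ctx, s, a, p)
    c = ctx.apply(c)
    if p == PRINCIPAL and q == NONPRINCIPAL and not fev(c):   # SpineRecover: FEV(C) = {}
        return c, PRINCIPAL
    return c, q                                                # SpinePass


ID = Forall("a", Arr(TVar("a"), TVar("a")))   # id : forall a:*. a -> a, a principal hypothesis

def example_unit() -> Tuple[Type, str]:
    """id (): principality is lost at forall-Spine and recovered, since FEV(1) = {}."""
    return spine_recover(Ctx(), [EUnit()], ID, PRINCIPAL)

def example_unsolved() -> Tuple[Type, str]:
    """id x with x : b^ unsolved: the output b^ still has a free existential,
    so SpineRecover does not apply and the result stays non-principal."""
    ctx = Ctx({"x": EVar("b")})
    ctx.solutions["b"] = None
    return spine_recover(ctx, [Var("x")], ID, PRINCIPAL)
```

`example_unit()` returns `(Unit(), '!')`, mirroring the derivation above; `example_unsolved()` returns `(EVar('b'), '/')`, the case the side condition $\mathrm{FEV}(C) = \emptyset$ exists to exclude.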


B. Additional Notation

Our proofs use some additional notation not described in the main paper:

Two-hole contexts. Occasionally, we also need contexts with two ordered holes:

$\Gamma = \Gamma_0[\Theta_1][\Theta_2]$ means $\Gamma$ has the form $(\Gamma_L, \Theta_1, \Gamma_M, \Theta_2, \Gamma_R)$
C. Context Extension

The rules deriving the context extension judgment (Figure 14) say that the empty context extends the empty context (→Id); a term variable typing with $A'$ extends one with $A$ if applying the extending context $\Delta$ to $A$ and $A'$ yields the same type (→Var); universal variable declarations and equations must match (→Uvar, →Eqn); scope markers must match (→Marker); and existential variables may either match (→Unsolved, →Solved), get solved by the extending context (→Solve), or be added by the extending context (→Add, →AddSolved).


D. Figures

We repeat some figures from the main paper. In Figures 6 and 11, we include rules omitted from the main paper for space reasons.

Judgment forms:

  $\Psi \vdash P\ \mathsf{true}$   Under context $\Psi$, check $P$
  $\Psi \vdash e \Leftarrow A\,p$   Under context $\Psi$, expression $e$ checks against input type $A$
  $\Psi \vdash e \Rightarrow A\,p$   Under context $\Psi$, expression $e$ synthesizes output type $A$
  $\Psi \vdash s : A\,p \gg C\,q$   Under context $\Psi$, passing spine $s$ to a function of type $A$ synthesizes type $C$
  $\Psi \vdash s : A\,p \gg C\,\lceil q\rceil$   in the $\lceil q\rceil$ form, recover principality in $q$ if possible
  $\Psi / P \vdash e \Leftarrow C\,p$   Under context $\Psi$, incorporate proposition $P$ and check $e$ against $C$

(DeclCheckpropEq)   $\Psi \vdash (t = t)\ \mathsf{true}$

(DeclVar)
  $(x : A\,p) \in \Psi$
  ------------------------------
  $\Psi \vdash x \Rightarrow A\,p$

(DeclSub)
  $\Psi \vdash e \Rightarrow A\,q$    $\Psi \vdash A \le^{\mathrm{pol}(B)} B$
  ------------------------------
  $\Psi \vdash e \Leftarrow B\,p$

(Decl1I)   $\Psi \vdash () \Leftarrow 1\,p$

(Decl∀I)
  $v\ \mathsf{chk\text{-}I}$    $\Psi, \alpha : \kappa \vdash v \Leftarrow A\,p$
  ------------------------------
  $\Psi \vdash v \Leftarrow (\forall\alpha:\kappa.\,A)\,p$

(Decl∧I)
  $\Psi \vdash P\ \mathsf{true}$    $\Psi \vdash e \Leftarrow A\,p$
  ------------------------------
  $\Psi \vdash e \Leftarrow (A \wedge P)\,p$

(DeclRec)
  $\Psi, x : A\,p \vdash v \Leftarrow A\,p$
  ------------------------------
  $\Psi \vdash \mathsf{rec}\,x.\,v \Leftarrow A\,p$

(DeclAnno)
  $\Psi \vdash A\ \mathsf{type}$    $\Psi \vdash e \Leftarrow A\,!$
  ------------------------------
  $\Psi \vdash (e : A) \Rightarrow A\,!$

(Decl⊃I)
  $v\ \mathsf{chk\text{-}I}$    $\Psi / P \vdash v \Leftarrow A\,!$
  ------------------------------
  $\Psi \vdash v \Leftarrow (P \supset A)\,!$

(Decl→I)
  $\Psi, x : A\,p \vdash e \Leftarrow B\,p$
  ------------------------------
  $\Psi \vdash \lambda x.\,e \Leftarrow A \to B\,p$

(Decl→E)
  $\Psi \vdash e \Rightarrow A\,p$    $\Psi \vdash s : A\,p \gg C\,\lceil q\rceil$
  ------------------------------
  $\Psi \vdash e\,s \Rightarrow C\,q$

(Decl∀Spine)
  $\Psi \vdash \tau : \kappa$    $\Psi \vdash e\,s : [\tau/\alpha]A\,⧸ \gg C\,q$
  ------------------------------
  $\Psi \vdash e\,s : (\forall\alpha:\kappa.\,A)\,p \gg C\,q$

(Decl⊃Spine)
  $\Psi \vdash P\ \mathsf{true}$    $\Psi \vdash e\,s : A\,p \gg C\,q$
  ------------------------------
  $\Psi \vdash e\,s : (P \supset A)\,p \gg C\,q$

(DeclSpineRecover)
  $\Psi \vdash s : A\,! \gg C\,⧸$    for all $C'$: if $\Psi \vdash s : A\,! \gg C'\,⧸$ then $C' = C$
  ------------------------------
  $\Psi \vdash s : A\,! \gg C\,\lceil !\rceil$

(DeclSpinePass)
  $\Psi \vdash s : A\,p \gg C\,q$
  ------------------------------
  $\Psi \vdash s : A\,p \gg C\,\lceil q\rceil$

(DeclEmptySpine)   $\Psi \vdash \cdot : A\,p \gg A\,p$

(Decl→Spine)
  $\Psi \vdash e \Leftarrow A\,p$    $\Psi \vdash s : B\,p \gg C\,q$
  ------------------------------
  $\Psi \vdash e\,s : A \to B\,p \gg C\,q$

(Decl+I$_k$)
  $\Psi \vdash e \Leftarrow A_k\,p$
  ------------------------------
  $\Psi \vdash \mathsf{inj}_k\,e \Leftarrow A_1 + A_2\,p$

(Decl×I)
  $\Psi \vdash e_1 \Leftarrow A_1\,p$    $\Psi \vdash e_2 \Leftarrow A_2\,p$
  ------------------------------
  $\Psi \vdash \langle e_1, e_2\rangle \Leftarrow A_1 \times A_2\,p$

(DeclNil)
  $\Psi \vdash t = \mathsf{zero}\ \mathsf{true}$
  ------------------------------
  $\Psi \vdash [\,] \Leftarrow (\mathsf{Vec}\ t\ A)\,p$

(DeclCons)
  $\Psi \vdash t = \mathsf{succ}(t_2)\ \mathsf{true}$    $\Psi \vdash e_1 \Leftarrow A\,p$    $\Psi \vdash e_2 \Leftarrow (\mathsf{Vec}\ t_2\ A)\,⧸$
  ------------------------------
  $\Psi \vdash e_1 :: e_2 \Leftarrow (\mathsf{Vec}\ t\ A)\,p$

(DeclCase)
  $\Psi \vdash e \Rightarrow A\,!$    $\Psi \vdash \Pi :: A \Leftarrow C\,p$    $\Psi \vdash \Pi\ \mathsf{covers}\ A$
  ------------------------------
  $\Psi \vdash \mathsf{case}(e, \Pi) \Leftarrow C\,p$

(DeclCheck⊥)
  $\mathrm{mgu}(\sigma, \tau) = \bot$
  ------------------------------
  $\Psi / (\sigma = \tau) \vdash e \Leftarrow C\,p$

(DeclCheckUnify)
  $\mathrm{mgu}(\sigma, \tau) = \theta$    $\theta(\Psi) \vdash \theta(e) \Leftarrow \theta(C)\,p$
  ------------------------------
  $\Psi / (\sigma = \tau) \vdash e \Leftarrow C\,p$

Figure 6. Declarative typing, including rules omitted from main paper

2016/1/21


Judgment forms:

  $\Gamma \vdash e \Leftarrow A\,p \dashv \Delta$   Under input context $\Gamma$, expression $e$ checks against input type $A$, with output context $\Delta$
  $\Gamma \vdash e \Rightarrow A\,p \dashv \Delta$   Under input context $\Gamma$, expression $e$ synthesizes output type $A$, with output context $\Delta$
  $\Gamma \vdash s : A\,p \gg C\,q \dashv \Delta$   Under input context $\Gamma$, passing spine $s$ to a function of type $A$ synthesizes type $C$
  $\Gamma \vdash s : A\,p \gg C\,\lceil q\rceil \dashv \Delta$   in the $\lceil q\rceil$ form, recover principality in $q$ if possible

(Var)
  $(x : A\,p) \in \Gamma$
  ------------------------------
  $\Gamma \vdash x \Rightarrow [\Gamma]A\,p \dashv \Gamma$

(Sub)
  $\Gamma \vdash e \Rightarrow A\,q \dashv \Theta$    $\Theta \vdash [\Theta]A \mathrel{<:}^{\mathrm{pol}(B)} [\Theta]B \dashv \Delta$
  ------------------------------
  $\Gamma \vdash e \Leftarrow B\,p \dashv \Delta$

(1I)   $\Gamma \vdash () \Leftarrow 1\,p \dashv \Gamma$

(1I$\hat\alpha$)   $\Gamma[\hat\alpha : \star] \vdash () \Leftarrow \hat\alpha \dashv \Gamma[\hat\alpha : \star = 1]$

(∀I)
  $v\ \mathsf{chk\text{-}I}$    $\Gamma, \alpha : \kappa \vdash v \Leftarrow A\,p \dashv \Delta, \alpha : \kappa, \Theta$
  ------------------------------
  $\Gamma \vdash v \Leftarrow \forall\alpha:\kappa.\,A\,p \dashv \Delta$

(∧I)
  $e$ not a case    $\Gamma \vdash P\ \mathsf{true} \dashv \Theta$    $\Theta \vdash e \Leftarrow [\Theta]A\,p \dashv \Delta$
  ------------------------------
  $\Gamma \vdash e \Leftarrow A \wedge P\,p \dashv \Delta$

(Anno)
  $\Gamma \vdash A\,!\ \mathsf{type}$    $\Gamma \vdash e \Leftarrow [\Gamma]A\,! \dashv \Delta$
  ------------------------------
  $\Gamma \vdash (e : A) \Rightarrow [\Delta]A\,! \dashv \Delta$

(⊃I)
  $v\ \mathsf{chk\text{-}I}$    $\Gamma, \blacktriangleright_P / P \dashv \Theta$    $\Theta \vdash v \Leftarrow [\Theta]A\,! \dashv \Delta, \blacktriangleright_P, \Delta'$
  ------------------------------
  $\Gamma \vdash v \Leftarrow P \supset A\,! \dashv \Delta$

(⊃I⊥)
  $v\ \mathsf{chk\text{-}I}$    $\Gamma, \blacktriangleright_P / P \dashv \bot$
  ------------------------------
  $\Gamma \vdash v \Leftarrow P \supset A\,! \dashv \Gamma$

(∀Spine)
  $\Gamma, \hat\alpha : \kappa \vdash e\,s : [\hat\alpha/\alpha]A\,⧸ \gg C\,q \dashv \Delta$
  ------------------------------
  $\Gamma \vdash e\,s : \forall\alpha:\kappa.\,A\,p \gg C\,q \dashv \Delta$

(⊃Spine)
  $\Gamma \vdash P\ \mathsf{true} \dashv \Theta$    $\Theta \vdash e\,s : [\Theta]A\,p \gg C\,q \dashv \Delta$
  ------------------------------
  $\Gamma \vdash e\,s : P \supset A\,p \gg C\,q \dashv \Delta$

(Rec)
  $\Gamma, x : A\,p \vdash v \Leftarrow A\,p \dashv \Delta, x : A\,p, \Theta$
  ------------------------------
  $\Gamma \vdash \mathsf{rec}\,x.\,v \Leftarrow A\,p \dashv \Delta$

(→I)
  $\Gamma, x : A\,p \vdash e \Leftarrow B\,p \dashv \Delta, x : A\,p, \Theta$
  ------------------------------
  $\Gamma \vdash \lambda x.\,e \Leftarrow A \to B\,p \dashv \Delta$

(→I$\hat\alpha$)
  $\Gamma[\hat\alpha_1 : \star, \hat\alpha_2 : \star, \hat\alpha : \star = \hat\alpha_1 \to \hat\alpha_2], x : \hat\alpha_1\,⧸ \vdash e \Leftarrow \hat\alpha_2\,⧸ \dashv \Delta, x : \hat\alpha_1\,⧸, \Delta'$
  ------------------------------
  $\Gamma[\hat\alpha : \star] \vdash \lambda x.\,e \Leftarrow \hat\alpha\,⧸ \dashv \Delta$

(→E)
  $\Gamma \vdash e \Rightarrow A\,p \dashv \Theta$    $\Theta \vdash s : A\,p \gg C\,\lceil q\rceil \dashv \Delta$
  ------------------------------
  $\Gamma \vdash e\,s \Rightarrow C\,q \dashv \Delta$

(EmptySpine)   $\Gamma \vdash \cdot : A\,p \gg A\,p \dashv \Gamma$

(SpineRecover)
  $\Gamma \vdash s : A\,! \gg C\,⧸ \dashv \Delta$    $\mathrm{FEV}(C) = \emptyset$
  ------------------------------
  $\Gamma \vdash s : A\,! \gg C\,\lceil !\rceil \dashv \Delta$

(SpinePass)
  $\Gamma \vdash s : A\,p \gg C\,q \dashv \Delta$    $(p = ⧸)$ or $(q = !)$ or $(\mathrm{FEV}(C) \neq \emptyset)$
  ------------------------------
  $\Gamma \vdash s : A\,p \gg C\,\lceil q\rceil \dashv \Delta$

(→Spine)
  $\Gamma \vdash e \Leftarrow A\,p \dashv \Theta$    $\Theta \vdash s : [\Theta]B\,p \gg C\,q \dashv \Delta$
  ------------------------------
  $\Gamma \vdash e\,s : A \to B\,p \gg C\,q \dashv \Delta$

($\hat\alpha$Spine)
  $\Gamma[\hat\alpha_2 : \star, \hat\alpha_1 : \star, \hat\alpha : \star = \hat\alpha_1 \to \hat\alpha_2] \vdash e\,s : (\hat\alpha_1 \to \hat\alpha_2)\,⧸ \gg C\,⧸ \dashv \Delta$
  ------------------------------
  $\Gamma[\hat\alpha : \star] \vdash e\,s : \hat\alpha\,⧸ \gg C\,⧸ \dashv \Delta$

(+I$_k$)
  $\Gamma \vdash e \Leftarrow A_k\,p \dashv \Delta$
  ------------------------------
  $\Gamma \vdash \mathsf{inj}_k\,e \Leftarrow A_1 + A_2\,p \dashv \Delta$

(+I$\hat\alpha_k$)
  $\Gamma[\hat\alpha_1 : \star, \hat\alpha_2 : \star, \hat\alpha : \star = \hat\alpha_1 + \hat\alpha_2] \vdash e \Leftarrow \hat\alpha_k \dashv \Delta$
  ------------------------------
  $\Gamma[\hat\alpha : \star] \vdash \mathsf{inj}_k\,e \Leftarrow \hat\alpha \dashv \Delta$

(×I)
  $\Gamma \vdash e_1 \Leftarrow A_1\,p \dashv \Theta$    $\Theta \vdash e_2 \Leftarrow [\Theta]A_2\,p \dashv \Delta$
  ------------------------------
  $\Gamma \vdash \langle e_1, e_2\rangle \Leftarrow A_1 \times A_2\,p \dashv \Delta$

(×I$\hat\alpha$)
  $\Gamma[\hat\alpha_2 : \star, \hat\alpha_1 : \star, \hat\alpha : \star = \hat\alpha_1 \times \hat\alpha_2] \vdash e_1 \Leftarrow \hat\alpha_1 \dashv \Theta$    $\Theta \vdash e_2 \Leftarrow [\Theta]\hat\alpha_2 \dashv \Delta$
  ------------------------------
  $\Gamma[\hat\alpha : \star] \vdash \langle e_1, e_2\rangle \Leftarrow \hat\alpha \dashv \Delta$

(Nil)
  $\Gamma \vdash t = \mathsf{zero}\ \mathsf{true} \dashv \Delta$
  ------------------------------
  $\Gamma \vdash [\,] \Leftarrow (\mathsf{Vec}\ t\ A)\,p \dashv \Delta$

(Cons)
  $\Gamma, \blacktriangleright_{\hat\alpha}, \hat\alpha : \mathbb{N} \vdash t = \mathsf{succ}(\hat\alpha)\ \mathsf{true} \dashv \Gamma'$    $\Gamma' \vdash e_1 \Leftarrow [\Gamma']A\,p \dashv \Theta$    $\Theta \vdash e_2 \Leftarrow [\Theta](\mathsf{Vec}\ \hat\alpha\ A)\,⧸ \dashv \Delta, \blacktriangleright_{\hat\alpha}, \Delta'$
  ------------------------------
  $\Gamma \vdash e_1 :: e_2 \Leftarrow (\mathsf{Vec}\ t\ A)\,p \dashv \Delta$

(Case)
  $\Gamma \vdash e \Rightarrow A\,! \dashv \Theta$    $\Theta \vdash \Pi :: [\Theta]A \Leftarrow [\Theta]C\,p \dashv \Delta$    $\Delta \vdash \Pi\ \mathsf{covers}\ [\Delta]A$
  ------------------------------
  $\Gamma \vdash \mathsf{case}(e, \Pi) \Leftarrow C\,p \dashv \Delta$

Figure 11. Algorithmic typing, including rules omitted from main paper
$\Gamma \longrightarrow \Delta$   $\Gamma$ is extended by $\Delta$

(→Id)   $\cdot \longrightarrow \cdot$

(→Var)
  $\Gamma \longrightarrow \Delta$    $[\Delta]A = [\Delta]A'$
  ------------------------------
  $\Gamma, x : A\,p \longrightarrow \Delta, x : A'\,p$

(→Uvar)
  $\Gamma \longrightarrow \Delta$
  ------------------------------
  $\Gamma, \alpha : \kappa \longrightarrow \Delta, \alpha : \kappa$

(→Eqn)
  $\Gamma \longrightarrow \Delta$    $[\Delta]t = [\Delta]t'$
  ------------------------------
  $\Gamma, \alpha = t \longrightarrow \Delta, \alpha = t'$

(→Unsolved)
  $\Gamma \longrightarrow \Delta$
  ------------------------------
  $\Gamma, \hat\alpha : \kappa \longrightarrow \Delta, \hat\alpha : \kappa$

(→Solved)
  $\Gamma \longrightarrow \Delta$    $[\Delta]t = [\Delta]t'$
  ------------------------------
  $\Gamma, \hat\alpha : \kappa = t \longrightarrow \Delta, \hat\alpha : \kappa = t'$

(→Solve)
  $\Gamma \longrightarrow \Delta$
  ------------------------------
  $\Gamma, \hat\alpha : \kappa \longrightarrow \Delta, \hat\alpha : \kappa = t$

(→Add)
  $\Gamma \longrightarrow \Delta$
  ------------------------------
  $\Gamma \longrightarrow \Delta, \hat\alpha : \kappa$

(→AddSolved)
  $\Gamma \longrightarrow \Delta$
  ------------------------------
  $\Gamma \longrightarrow \Delta, \hat\alpha : \kappa = t$

(→Marker)
  $\Gamma \longrightarrow \Delta$
  ------------------------------
  $\Gamma, \blacktriangleright_u \longrightarrow \Delta, \blacktriangleright_u$

Figure 14. Context extension


$\Psi \vdash \Pi :: \vec{A} \Leftarrow C\,p$   Under context $\Psi$, check branches $\Pi$ with patterns of type $\vec{A}$ and bodies of type $C$

(DeclMatchEmpty)   $\Psi \vdash \cdot :: \vec{A} \Leftarrow C\,p$

(DeclMatchSeq)
  $\Psi \vdash \pi :: \vec{A} \Leftarrow C\,p$    $\Psi \vdash \Pi :: \vec{A} \Leftarrow C\,p$
  ------------------------------
  $\Psi \vdash (\pi \,\|\, \Pi) :: \vec{A} \Leftarrow C\,p$

(DeclMatchBase)
  $\Psi \vdash e \Leftarrow C\,p$
  ------------------------------
  $\Psi \vdash (\cdot \Rightarrow e) :: \cdot \Leftarrow C\,p$

(DeclMatchUnit)
  $\Psi \vdash \vec\rho \Rightarrow e :: \vec{A} \Leftarrow C\,p$
  ------------------------------
  $\Psi \vdash (), \vec\rho \Rightarrow e :: 1, \vec{A} \Leftarrow C\,p$

(DeclMatch∃)
  $\Psi, \alpha : \kappa \vdash \vec\rho \Rightarrow e :: A, \vec{A} \Leftarrow C\,p$
  ------------------------------
  $\Psi \vdash \vec\rho \Rightarrow e :: (\exists\alpha:\kappa.\,A), \vec{A} \Leftarrow C\,p$

(DeclMatch×)
  $\Psi \vdash \rho_1, \rho_2, \vec\rho \Rightarrow e :: A_1, A_2, \vec{A} \Leftarrow C\,p$
  ------------------------------
  $\Psi \vdash \langle\rho_1, \rho_2\rangle, \vec\rho \Rightarrow e :: (A_1 \times A_2), \vec{A} \Leftarrow C\,p$

(DeclMatch+$_k$)
  $\Psi \vdash \rho, \vec\rho \Rightarrow e :: A_k, \vec{A} \Leftarrow C\,p$
  ------------------------------
  $\Psi \vdash \mathsf{inj}_k\,\rho, \vec\rho \Rightarrow e :: A_1 + A_2, \vec{A} \Leftarrow C\,p$

(DeclMatch∧)
  $\Psi / P \vdash \vec\rho \Rightarrow e :: A, \vec{A} \Leftarrow C\,p$
  ------------------------------
  $\Psi \vdash \vec\rho \Rightarrow e :: (A \wedge P), \vec{A} \Leftarrow C\,p$

(DeclMatchNil)
  $\Psi / (t = \mathsf{zero}) \vdash \vec\rho \Rightarrow e :: \vec{A} \Leftarrow C\,p$
  ------------------------------
  $\Psi \vdash [\,], \vec\rho \Rightarrow e :: (\mathsf{Vec}\ t\ A), \vec{A} \Leftarrow C\,p$

(DeclMatchCons)
  $\Psi, \alpha : \mathbb{N} / (t = \mathsf{succ}(\alpha)) \vdash \rho_1, \rho_2, \vec\rho \Rightarrow e :: A, (\mathsf{Vec}\ \alpha\ A), \vec{A} \Leftarrow C\,p$
  ------------------------------
  $\Psi \vdash (\rho_1 :: \rho_2), \vec\rho \Rightarrow e :: (\mathsf{Vec}\ t\ A), \vec{A} \Leftarrow C\,p$

(DeclMatchNeg)
  $A$ not headed by $\wedge$ or $\exists$    $\Psi, x : A\,! \vdash \vec\rho \Rightarrow e :: \vec{A} \Leftarrow C\,p$
  ------------------------------
  $\Psi \vdash x, \vec\rho \Rightarrow e :: A, \vec{A} \Leftarrow C\,p$

(DeclMatchWild)
  $A$ not headed by $\wedge$ or $\exists$    $\Psi \vdash \vec\rho \Rightarrow e :: \vec{A} \Leftarrow C\,p$
  ------------------------------
  $\Psi \vdash \_, \vec\rho \Rightarrow e :: A, \vec{A} \Leftarrow C\,p$

$\Psi / P \vdash \Pi :: \vec{A} \Leftarrow C\,p$   Under context $\Psi$, incorporate proposition $P$ while checking branches $\Pi$ with patterns of type $\vec{A}$ and bodies of type $C$

(DeclMatch⊥)
  $\mathrm{mgu}(\sigma, \tau) = \bot$
  ------------------------------
  $\Psi / \sigma = \tau \vdash \vec\rho \Rightarrow e :: \vec{A} \Leftarrow C\,p$

(DeclMatchUnify)
  $\mathrm{mgu}(\sigma, \tau) = \theta$    $\theta(\Psi) \vdash \theta(\vec\rho \Rightarrow e) :: \theta(\vec{A}) \Leftarrow \theta(C)\,p$
  ------------------------------
  $\Psi / \sigma = \tau \vdash \vec\rho \Rightarrow e :: \vec{A} \Leftarrow C\,p$

Figure 15. Declarative pattern matching
$\Psi \vdash \Pi\ \mathsf{covers}\ \vec{A}$   Patterns $\Pi$ cover the types $\vec{A}$ in context $\Psi$

$\Psi / P \vdash \Pi\ \mathsf{covers}\ \vec{A}$   Patterns $\Pi$ cover the types $\vec{A}$ in context $\Psi$, assuming $P$

(DeclCoversEmpty)   $\Psi \vdash (\cdot \Rightarrow e_1) \,\|\, \Pi\ \mathsf{covers}\ \cdot$

(DeclCovers1)
  $\Pi \leadsto^{1} \Pi'$    $\Psi \vdash \Pi'\ \mathsf{covers}\ \vec{A}$
  ------------------------------
  $\Psi \vdash \Pi\ \mathsf{covers}\ 1, \vec{A}$

(DeclCoversVar)
  $\Pi \leadsto^{\mathsf{var}} \Pi'$    $\Psi \vdash \Pi'\ \mathsf{covers}\ \vec{A}$
  ------------------------------
  $\Psi \vdash \Pi\ \mathsf{covers}\ A, \vec{A}$

(DeclCovers+)
  $\Pi \leadsto^{+} \Pi_L \,\|\, \Pi_R$    $\Psi \vdash \Pi_L\ \mathsf{covers}\ A_1, \vec{A}$    $\Psi \vdash \Pi_R\ \mathsf{covers}\ A_2, \vec{A}$
  ------------------------------
  $\Psi \vdash \Pi\ \mathsf{covers}\ (A_1 + A_2), \vec{A}$

(DeclCovers×)
  $\Pi \leadsto^{\times} \Pi'$    $\Psi \vdash \Pi'\ \mathsf{covers}\ A_1, A_2, \vec{A}$
  ------------------------------
  $\Psi \vdash \Pi\ \mathsf{covers}\ (A_1 \times A_2), \vec{A}$

(DeclCovers∃)
  $\Psi, \alpha : \kappa \vdash \Pi\ \mathsf{covers}\ A, \vec{A}$
  ------------------------------
  $\Psi \vdash \Pi\ \mathsf{covers}\ (\exists\alpha:\kappa.\,A), \vec{A}$

(DeclCovers∧)
  $\Psi / t_1 = t_2 \vdash \Pi\ \mathsf{covers}\ A_0, \vec{A}$
  ------------------------------
  $\Psi \vdash \Pi\ \mathsf{covers}\ (A_0 \wedge (t_1 = t_2)), \vec{A}$

(DeclCoversVec)
  $\Pi \leadsto^{\mathsf{Vec}} \Pi_{[]} \,\|\, \Pi_{::}$    $\Psi / t = \mathsf{zero} \vdash \Pi_{[]}\ \mathsf{covers}\ \vec{A}$    $\Psi, n : \mathbb{N} / t = \mathsf{succ}(n) \vdash \Pi_{::}\ \mathsf{covers}\ (A, \mathsf{Vec}\ n\ A, \vec{A})$
  ------------------------------
  $\Psi \vdash \Pi\ \mathsf{covers}\ (\mathsf{Vec}\ t\ A), \vec{A}$

(DeclCoversEq)
  $\theta = \mathrm{mgu}(t_1, t_2)$    $\theta(\Psi) \vdash \theta(\Pi)\ \mathsf{covers}\ \theta(\vec{A})$
  ------------------------------
  $\Psi / t_1 = t_2 \vdash \Pi\ \mathsf{covers}\ \vec{A}$

(DeclCoversEqBot)
  $\mathrm{mgu}(t_1, t_2) = \bot$
  ------------------------------
  $\Psi / t_1 = t_2 \vdash \Pi\ \mathsf{covers}\ \vec{A}$

$\Pi \leadsto^{\mathsf{Vec}} \Pi_{[]} \,\|\, \Pi_{::}$   Expand vector patterns in $\Pi$

  $\cdot \leadsto^{\mathsf{Vec}} \cdot \,\|\, \cdot$

  If $\rho \in \{x, \_\}$ and $\Pi \leadsto^{\mathsf{Vec}} \Pi_{[]} \,\|\, \Pi_{::}$, then $(\rho, \vec\rho \Rightarrow e) \,\|\, \Pi$ expands to $(\vec\rho \Rightarrow e) \,\|\, \Pi_{[]}$ and $(\_, \_, \vec\rho \Rightarrow e) \,\|\, \Pi_{::}$.

  If $\Pi \leadsto^{\mathsf{Vec}} \Pi_{[]} \,\|\, \Pi_{::}$, then $([\,], \vec\rho \Rightarrow e) \,\|\, \Pi$ expands to $(\vec\rho \Rightarrow e) \,\|\, \Pi_{[]}$ and $\Pi_{::}$.

  If $\Pi \leadsto^{\mathsf{Vec}} \Pi_{[]} \,\|\, \Pi_{::}$, then $((\rho :: \rho'), \vec\rho \Rightarrow e) \,\|\, \Pi$ expands to $\Pi_{[]}$ and $(\rho, \rho', \vec\rho \Rightarrow e) \,\|\, \Pi_{::}$.

$\Pi \leadsto^{\times} \Pi'$   Expand head pair patterns in $\Pi$

  $\cdot \leadsto^{\times} \cdot$

  If $\rho \in \{z, \_\}$ and $\Pi \leadsto^{\times} \Pi'$, then $(\rho, \vec\rho \Rightarrow e) \,\|\, \Pi \leadsto^{\times} (\_, \_, \vec\rho \Rightarrow e) \,\|\, \Pi'$.

  If $\Pi \leadsto^{\times} \Pi'$, then $(\langle\rho_1, \rho_2\rangle, \vec\rho \Rightarrow e) \,\|\, \Pi \leadsto^{\times} (\rho_1, \rho_2, \vec\rho \Rightarrow e) \,\|\, \Pi'$.

$\Pi \leadsto^{+} \Pi_L \,\|\, \Pi_R$   Expand head sum patterns in $\Pi$ into left $\Pi_L$ and right $\Pi_R$ sets

  $\cdot \leadsto^{+} \cdot \,\|\, \cdot$

  If $\rho \in \{x, \_\}$ and $\Pi \leadsto^{+} \Pi_L \,\|\, \Pi_R$, then $(\rho, \vec\rho \Rightarrow e) \,\|\, \Pi$ expands to $(\_, \vec\rho \Rightarrow e) \,\|\, \Pi_L$ and $(\_, \vec\rho \Rightarrow e) \,\|\, \Pi_R$.

  If $\Pi \leadsto^{+} \Pi_L \,\|\, \Pi_R$, then $(\mathsf{inj}_1\,\rho, \vec\rho \Rightarrow e) \,\|\, \Pi$ expands to $(\rho, \vec\rho \Rightarrow e) \,\|\, \Pi_L$ and $\Pi_R$.

  If $\Pi \leadsto^{+} \Pi_L \,\|\, \Pi_R$, then $(\mathsf{inj}_2\,\rho, \vec\rho \Rightarrow e) \,\|\, \Pi$ expands to $\Pi_L$ and $(\rho, \vec\rho \Rightarrow e) \,\|\, \Pi_R$.

$\Pi \leadsto^{\mathsf{var}} \Pi'$   Remove head variable and wildcard patterns from $\Pi$

  $\cdot \leadsto^{\mathsf{var}} \cdot$

  If $\rho \in \{x, \_\}$ and $\Pi \leadsto^{\mathsf{var}} \Pi'$, then $(\rho, \vec\rho \Rightarrow e) \,\|\, \Pi \leadsto^{\mathsf{var}} (\vec\rho \Rightarrow e) \,\|\, \Pi'$.

$\Pi \leadsto^{1} \Pi'$   Remove head variable, wildcard, and unit patterns from $\Pi$

  $\cdot \leadsto^{1} \cdot$

  If $\rho \in \{x, \_, ()\}$ and $\Pi \leadsto^{1} \Pi'$, then $(\rho, \vec\rho \Rightarrow e) \,\|\, \Pi \leadsto^{1} (\vec\rho \Rightarrow e) \,\|\, \Pi'$.

Figure 16. Match coverage
$\Psi \vdash t : \kappa$   Under context $\Psi$, term $t$ has sort $\kappa$

(UvarSort)
  $(\alpha : \kappa) \in \Psi$
  ------------------------------
  $\Psi \vdash \alpha : \kappa$

(UnitSort)   $\Psi \vdash 1 : \star$

(BinSort)
  $\Psi \vdash t_1 : \star$    $\Psi \vdash t_2 : \star$
  ------------------------------
  $\Psi \vdash t_1 \oplus t_2 : \star$

(ZeroSort)   $\Psi \vdash \mathsf{zero} : \mathbb{N}$

(SuccSort)
  $\Psi \vdash t : \mathbb{N}$
  ------------------------------
  $\Psi \vdash \mathsf{succ}(t) : \mathbb{N}$

$\Psi \vdash P\ \mathsf{prop}$   Under context $\Psi$, proposition $P$ is well-formed

(EqDeclProp)
  $\Psi \vdash t : \mathbb{N}$    $\Psi \vdash t' : \mathbb{N}$
  ------------------------------
  $\Psi \vdash t = t'\ \mathsf{prop}$

$\Psi \vdash A\ \mathsf{type}$   Under context $\Psi$, type $A$ is well-formed

(DeclUvarWF)
  $(\alpha : \star) \in \Psi$
  ------------------------------
  $\Psi \vdash \alpha\ \mathsf{type}$

(DeclUnitWF)   $\Psi \vdash 1\ \mathsf{type}$

(DeclBinWF)
  $\Psi \vdash A\ \mathsf{type}$    $\Psi \vdash B\ \mathsf{type}$    $\oplus \in \{\to, \times, +\}$
  ------------------------------
  $\Psi \vdash A \oplus B\ \mathsf{type}$

(DeclVecWF)
  $\Psi \vdash t : \mathbb{N}$    $\Psi \vdash A\ \mathsf{type}$
  ------------------------------
  $\Psi \vdash \mathsf{Vec}\ t\ A\ \mathsf{type}$

(DeclAllWF)
  $\Psi, \alpha : \kappa \vdash A\ \mathsf{type}$
  ------------------------------
  $\Psi \vdash (\forall\alpha:\kappa.\,A)\ \mathsf{type}$

(DeclExistsWF)
  $\Psi, \alpha : \kappa \vdash A\ \mathsf{type}$
  ------------------------------
  $\Psi \vdash (\exists\alpha:\kappa.\,A)\ \mathsf{type}$

(DeclImpliesWF)
  $\Psi \vdash P\ \mathsf{prop}$    $\Psi \vdash A\ \mathsf{type}$
  ------------------------------
  $\Psi \vdash P \supset A\ \mathsf{type}$

(DeclWithWF)
  $\Psi \vdash P\ \mathsf{prop}$    $\Psi \vdash A\ \mathsf{type}$
  ------------------------------
  $\Psi \vdash A \wedge P\ \mathsf{type}$

$\Psi \vdash \vec{A}\ \mathsf{types}$   Under context $\Psi$, types in $\vec{A}$ are well-formed

(DeclTypevecWF)
  for all $A \in \vec{A}$: $\Psi \vdash A\ \mathsf{type}$
  ------------------------------
  $\Psi \vdash \vec{A}\ \mathsf{types}$

$\Psi\ \mathsf{ctx}$   Declarative context $\Psi$ is well-formed

(EmptyDeclCtx)   $\cdot\ \mathsf{ctx}$

(HypDeclCtx)
  $\Psi\ \mathsf{ctx}$    $x \notin \mathrm{dom}(\Psi)$    $\Psi \vdash A\ \mathsf{type}$
  ------------------------------
  $\Psi, x : A\ \mathsf{ctx}$

(VarDeclCtx)
  $\Psi\ \mathsf{ctx}$    $\alpha \notin \mathrm{dom}(\Psi)$
  ------------------------------
  $\Psi, \alpha : \kappa\ \mathsf{ctx}$

Figure 17. Sorting; well-formedness of propositions, types, and contexts in the declarative system
$\Gamma \vdash t : \kappa$   Under context $\Gamma$, term $t$ has sort $\kappa$

(VarSort)
  $(u : \kappa) \in \Gamma$
  ------------------------------
  $\Gamma \vdash u : \kappa$

(SolvedVarSort)
  $(\hat\alpha : \kappa = \tau) \in \Gamma$
  ------------------------------
  $\Gamma \vdash \hat\alpha : \kappa$

(UnitSort)   $\Gamma \vdash 1 : \star$

(BinSort)
  $\Gamma \vdash \tau_1 : \star$    $\Gamma \vdash \tau_2 : \star$
  ------------------------------
  $\Gamma \vdash \tau_1 \oplus \tau_2 : \star$

(ZeroSort)   $\Gamma \vdash \mathsf{zero} : \mathbb{N}$

(SuccSort)
  $\Gamma \vdash t : \mathbb{N}$
  ------------------------------
  $\Gamma \vdash \mathsf{succ}(t) : \mathbb{N}$

$\Gamma \vdash P\ \mathsf{prop}$   Under context $\Gamma$, proposition $P$ is well-formed

(EqProp)
  $\Gamma \vdash t : \mathbb{N}$    $\Gamma \vdash t' : \mathbb{N}$
  ------------------------------
  $\Gamma \vdash t = t'\ \mathsf{prop}$

$\Gamma \vdash A\ \mathsf{type}$   Under context $\Gamma$, type $A$ is well-formed

(VarWF)
  $(u : \star) \in \Gamma$
  ------------------------------
  $\Gamma \vdash u\ \mathsf{type}$

(SolvedVarWF)
  $(\hat\alpha : \star = \tau) \in \Gamma$
  ------------------------------
  $\Gamma \vdash \hat\alpha\ \mathsf{type}$

(UnitWF)   $\Gamma \vdash 1\ \mathsf{type}$

(BinWF)
  $\Gamma \vdash A\ \mathsf{type}$    $\Gamma \vdash B\ \mathsf{type}$    $\oplus \in \{\to, \times, +\}$
  ------------------------------
  $\Gamma \vdash A \oplus B\ \mathsf{type}$

(VecWF)
  $\Gamma \vdash t : \mathbb{N}$    $\Gamma \vdash A\ \mathsf{type}$
  ------------------------------
  $\Gamma \vdash \mathsf{Vec}\ t\ A\ \mathsf{type}$

(ForallWF)
  $\Gamma, \alpha : \kappa \vdash A\ \mathsf{type}$
  ------------------------------
  $\Gamma \vdash \forall\alpha:\kappa.\,A\ \mathsf{type}$

(ExistsWF)
  $\Gamma, \alpha : \kappa \vdash A\ \mathsf{type}$
  ------------------------------
  $\Gamma \vdash \exists\alpha:\kappa.\,A\ \mathsf{type}$

(ImpliesWF)
  $\Gamma \vdash P\ \mathsf{prop}$    $\Gamma \vdash A\ \mathsf{type}$
  ------------------------------
  $\Gamma \vdash P \supset A\ \mathsf{type}$

(WithWF)
  $\Gamma \vdash P\ \mathsf{prop}$    $\Gamma \vdash A\ \mathsf{type}$
  ------------------------------
  $\Gamma \vdash A \wedge P\ \mathsf{type}$

$\Gamma \vdash A\,p\ \mathsf{type}$   Under context $\Gamma$, type $A$ is well-formed and respects principality $p$

(PrincipalWF)
  $\Gamma \vdash A\ \mathsf{type}$    $\mathrm{FEV}([\Gamma]A) = \emptyset$
  ------------------------------
  $\Gamma \vdash A\,!\ \mathsf{type}$

(NonPrincipalWF)
  $\Gamma \vdash A\ \mathsf{type}$
  ------------------------------
  $\Gamma \vdash A\,⧸\ \mathsf{type}$

$\Gamma \vdash \vec{A}\ [p]\ \mathsf{types}$   Under context $\Gamma$, types in $\vec{A}$ are well-formed [with principality $p$]

(TypevecWF)
  for all $A \in \vec{A}$: $\Gamma \vdash A\ \mathsf{type}$
  ------------------------------
  $\Gamma \vdash \vec{A}\ \mathsf{types}$

(PrincipalTypevecWF)
  for all $A \in \vec{A}$: $\Gamma \vdash A\,p\ \mathsf{type}$
  ------------------------------
  $\Gamma \vdash \vec{A}\,p\ \mathsf{types}$

$\Gamma\ \mathsf{ctx}$   Algorithmic context $\Gamma$ is well-formed

(EmptyCtx)   $\cdot\ \mathsf{ctx}$

(HypCtx)
  $\Gamma\ \mathsf{ctx}$    $x \notin \mathrm{dom}(\Gamma)$    $\Gamma \vdash A\ \mathsf{type}$
  ------------------------------
  $\Gamma, x : A\,⧸\ \mathsf{ctx}$

(Hyp!Ctx)
  $\Gamma\ \mathsf{ctx}$    $x \notin \mathrm{dom}(\Gamma)$    $\Gamma \vdash A\ \mathsf{type}$    $\mathrm{FEV}([\Gamma]A) = \emptyset$
  ------------------------------
  $\Gamma, x : A\,!\ \mathsf{ctx}$

(VarCtx)
  $\Gamma\ \mathsf{ctx}$    $u \notin \mathrm{dom}(\Gamma)$
  ------------------------------
  $\Gamma, u : \kappa\ \mathsf{ctx}$

(SolvedCtx)
  $\Gamma\ \mathsf{ctx}$    $\hat\alpha \notin \mathrm{dom}(\Gamma)$    $\Gamma \vdash \tau : \kappa$
  ------------------------------
  $\Gamma, \hat\alpha : \kappa = \tau\ \mathsf{ctx}$

(EqnVarCtx)
  $\Gamma\ \mathsf{ctx}$    $(\alpha : \kappa) \in \Gamma$    $(\alpha = \_) \notin \Gamma$    $\Gamma \vdash t : \kappa$
  ------------------------------
  $\Gamma, \alpha = t\ \mathsf{ctx}$

(MarkerCtx)
  $\Gamma\ \mathsf{ctx}$    $\blacktriangleright_u \notin \Gamma$
  ------------------------------
  $\Gamma, \blacktriangleright_u\ \mathsf{ctx}$

Figure 18. Well-formedness of types and contexts in the algorithmic system
$\Gamma \vdash P\ \mathsf{true} \dashv \Delta$   Under context $\Gamma$, check $P$, with output context $\Delta$

(CheckpropEq)
  $\Gamma \vdash t_1 \doteq t_2 : \mathbb{N} \dashv \Delta$
  ------------------------------
  $\Gamma \vdash t_1 = t_2\ \mathsf{true} \dashv \Delta$

$\Gamma / P \dashv \Delta^{\bot}$   Incorporate hypothesis $P$ into $\Gamma$, producing $\Delta$ or inconsistency $\bot$

(ElimpropEq)
  $\Gamma / t_1 \doteq t_2 : \mathbb{N} \dashv \Delta^{\bot}$
  ------------------------------
  $\Gamma / t_1 = t_2 \dashv \Delta^{\bot}$

Figure 19. Checking and assuming propositions


$\Gamma \vdash t_1 \doteq t_2 : \kappa \dashv \Delta$   Check that $t_1$ equals $t_2$, taking $\Gamma$ to $\Delta$

(CheckeqVar)   $\Gamma \vdash u \doteq u : \kappa \dashv \Gamma$

(CheckeqUnit)   $\Gamma \vdash 1 \doteq 1 : \star \dashv \Gamma$

(CheckeqBin)
  $\Gamma \vdash \tau_1 \doteq \tau_1' : \star \dashv \Theta$    $\Theta \vdash [\Theta]\tau_2 \doteq [\Theta]\tau_2' : \star \dashv \Delta$
  ------------------------------
  $\Gamma \vdash (\tau_1 \oplus \tau_2) \doteq (\tau_1' \oplus \tau_2') : \star \dashv \Delta$

(CheckeqZero)   $\Gamma \vdash \mathsf{zero} \doteq \mathsf{zero} : \mathbb{N} \dashv \Gamma$

(CheckeqSucc)
  $\Gamma \vdash t_1 \doteq t_2 : \mathbb{N} \dashv \Delta$
  ------------------------------
  $\Gamma \vdash \mathsf{succ}(t_1) \doteq \mathsf{succ}(t_2) : \mathbb{N} \dashv \Delta$

(CheckeqInstL)
  $\Gamma[\hat\alpha : \kappa] \vdash \hat\alpha := t : \kappa \dashv \Delta$    $\hat\alpha \notin \mathrm{FV}(t)$
  ------------------------------
  $\Gamma[\hat\alpha : \kappa] \vdash \hat\alpha \doteq t : \kappa \dashv \Delta$

(CheckeqInstR)
  $\Gamma[\hat\alpha : \kappa] \vdash \hat\alpha := t : \kappa \dashv \Delta$    $\hat\alpha \notin \mathrm{FV}(t)$
  ------------------------------
  $\Gamma[\hat\alpha : \kappa] \vdash t \doteq \hat\alpha : \kappa \dashv \Delta$

Figure 20. Checking equations


$t_1 \,\#\, t_2$   $t_1$ and $t_2$ have incompatible head constructors

  $\mathsf{zero} \,\#\, \mathsf{succ}(t)$

  $\mathsf{succ}(t) \,\#\, \mathsf{zero}$

  $1 \,\#\, (t_1 \oplus t_2)$

  $(t_1 \oplus t_2) \,\#\, 1$

  $\oplus_1 \neq \oplus_2$
  ------------------------------
  $(\sigma_1 \oplus_1 \tau_1) \,\#\, (\sigma_2 \oplus_2 \tau_2)$

Figure 21. Head constructor clash


$\Gamma / \sigma \doteq \tau : \kappa \dashv \Delta^{\bot}$   Unify $\sigma$ and $\tau$, taking $\Gamma$ to $\Delta$, or to inconsistency $\bot$

(ElimeqUvarRefl)   $\Gamma / \alpha \doteq \alpha : \kappa \dashv \Gamma$

(ElimeqZero)   $\Gamma / \mathsf{zero} \doteq \mathsf{zero} : \mathbb{N} \dashv \Gamma$

(ElimeqSucc)
  $\Gamma / \sigma \doteq \tau : \mathbb{N} \dashv \Delta^{\bot}$
  ------------------------------
  $\Gamma / \mathsf{succ}(\sigma) \doteq \mathsf{succ}(\tau) : \mathbb{N} \dashv \Delta^{\bot}$

(ElimeqUvarL)
  $\alpha \notin \mathrm{FV}(\tau)$    $(\alpha = \_) \notin \Gamma$
  ------------------------------
  $\Gamma / \alpha \doteq \tau : \kappa \dashv \Gamma, \alpha = \tau$

(ElimeqUvarR)
  $\alpha \notin \mathrm{FV}(\tau)$    $(\alpha = \_) \notin \Gamma$
  ------------------------------
  $\Gamma / \tau \doteq \alpha : \kappa \dashv \Gamma, \alpha = \tau$

(ElimeqUvarL⊥)
  $\tau \neq \alpha$    $\alpha \in \mathrm{FV}(\tau)$
  ------------------------------
  $\Gamma / \alpha \doteq \tau : \kappa \dashv \bot$

(ElimeqUvarR⊥)
  $\tau \neq \alpha$    $\alpha \in \mathrm{FV}(\tau)$
  ------------------------------
  $\Gamma / \tau \doteq \alpha : \kappa \dashv \bot$

(ElimeqUnit)   $\Gamma / 1 \doteq 1 : \star \dashv \Gamma$

(ElimeqBin)
  $\Gamma / \tau_1 \doteq \tau_1' : \star \dashv \Theta$    $\Theta / [\Theta]\tau_2 \doteq [\Theta]\tau_2' : \star \dashv \Delta^{\bot}$
  ------------------------------
  $\Gamma / (\tau_1 \oplus \tau_2) \doteq (\tau_1' \oplus \tau_2') : \star \dashv \Delta^{\bot}$

(ElimeqBinBot)
  $\Gamma / \tau_1 \doteq \tau_1' : \star \dashv \bot$
  ------------------------------
  $\Gamma / (\tau_1 \oplus \tau_2) \doteq (\tau_1' \oplus \tau_2') : \star \dashv \bot$

(ElimeqClash)
  $\sigma \,\#\, \tau$
  ------------------------------
  $\Gamma / \sigma \doteq \tau : \kappa \dashv \bot$

Figure 22. Eliminating equations
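The equation-elimination rules above (ElimeqZero, ElimeqSucc, ElimeqUvarL/R with their occurs-check variants, ElimeqClash via the head clash of Figure 21) are what decide the $\mathrm{mgu}(\sigma, \tau) = \bot$ versus $\mathrm{mgu}(\sigma, \tau) = \theta$ side conditions of DeclCheck⊥/DeclCheckUnify in Figure 6 and of DeclCoversEq/DeclCoversEqBot in Figure 16. The following is an added example, written for this appendix and not the authors' implementation: a unifier for index terms of sort $\mathbb{N}$ (zero, succ, universal variables), used to recover the introduction's claim that `head : ∀n, A. Vec (succ n) A → A` may omit its `[]` clause. It assumes an unordered substitution (the algorithmic rules instead append equations to an ordered context) and that the variable introduced for the cons case is fresh.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Union

# Index terms of sort N: zero, succ(t), and universal index variables (alpha : N).
@dataclass(frozen=True)
class Zero: pass
@dataclass(frozen=True)
class Succ: arg: "Term"
@dataclass(frozen=True)
class UVar: name: str
Term = Union[Zero, Succ, UVar]
Subst = Dict[str, Term]       # theta, as a triangular substitution
BOT = None                    # the inconsistent outcome, written ⊥ in the figures


def apply(theta: Subst, t: Term) -> Term:
    """theta(t): chase bindings; terminates because the occurs check forbids cycles."""
    if isinstance(t, UVar) and t.name in theta:
        return apply(theta, theta[t.name])
    if isinstance(t, Succ):
        return Succ(apply(theta, t.arg))
    return t


def occurs(name: str, t: Term) -> bool:
    """alpha in FV(t), the side condition of ElimeqUvarL⊥ / ElimeqUvarR⊥."""
    return (t.name == name) if isinstance(t, UVar) else isinstance(t, Succ) and occurs(name, t.arg)


def clash(s: Term, t: Term) -> bool:
    """sigma # tau for sort N (Figure 21): zero against succ in either order."""
    return {type(s), type(t)} == {Zero, Succ}


def mgu(s: Term, t: Term, theta: Optional[Subst] = None) -> Optional[Subst]:
    """Most general unifier following the Elimeq rules; None stands for ⊥."""
    theta = dict(theta or {})
    s, t = apply(theta, s), apply(theta, t)
    if s == t:                                          # ElimeqUvarRefl / ElimeqZero
        return theta
    if isinstance(s, UVar):                             # ElimeqUvarL, or ⊥ if alpha occurs in tau
        return BOT if occurs(s.name, t) else {**theta, s.name: t}
    if isinstance(t, UVar):                             # ElimeqUvarR, or ⊥ likewise
        return BOT if occurs(t.name, s) else {**theta, t.name: s}
    if isinstance(s, Succ) and isinstance(t, Succ):     # ElimeqSucc: recurse on the arguments
        return mgu(s.arg, t.arg, theta)
    assert clash(s, t)                                  # ElimeqClash: only zero/succ remain
    return BOT


def vec_branches(t: Term) -> Dict[str, Optional[Subst]]:
    """For a scrutinee of type Vec t A: the equation each constructor branch assumes
    (DeclMatchNil: t = zero; DeclMatchCons: t = succ(n) for fresh n).  A result of ⊥
    means DeclCheck⊥ / DeclCoversEqBot apply, so the branch is vacuous and may be
    omitted; a substitution is what DeclCheckUnify applies to the branch body."""
    n = UVar("n_fresh")   # assumption: this name does not occur in t
    return {"nil": mgu(t, Zero()), "cons": mgu(t, Succ(n))}


def head_nil_branch_needed() -> bool:
    """head : Vec (succ n) A -> A: is a [] clause required?  No: succ(n) # zero."""
    return vec_branches(Succ(UVar("n")))["nil"] is not BOT
```

`head_nil_branch_needed()` returns `False`: unifying $\mathsf{succ}(n)$ with $\mathsf{zero}$ clashes, so the `[]` branch of `head` is unreachable and coverage holds without it, while `vec_branches(UVar("t"))` reports both branches as live, which is why a function over an arbitrary `Vec t A` must handle both constructors.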
$\Gamma \vdash A \mathrel{<:}^{\pm} B \dashv \Delta$   Under input context $\Gamma$, type $A$ is a subtype of $B$, with output context $\Delta$

(<:Equiv)
  $A$ not headed by $\forall/\exists$    $B$ not headed by $\forall/\exists$    $\Gamma \vdash A \equiv B \dashv \Delta$
  ------------------------------
  $\Gamma \vdash A \mathrel{<:}^{\pm} B \dashv \Delta$

(<:∀L)
  $B$ not headed by $\forall$    $\Gamma, \blacktriangleright_{\hat\alpha}, \hat\alpha : \kappa \vdash [\hat\alpha/\alpha]A \mathrel{<:}^{-} B \dashv \Delta, \blacktriangleright_{\hat\alpha}, \Theta$
  ------------------------------
  $\Gamma \vdash \forall\alpha:\kappa.\,A \mathrel{<:}^{-} B \dashv \Delta$

(<:∀R)
  $\Gamma, \beta : \kappa \vdash A \mathrel{<:}^{-} B \dashv \Delta, \beta : \kappa, \Theta$
  ------------------------------
  $\Gamma \vdash A \mathrel{<:}^{-} \forall\beta:\kappa.\,B \dashv \Delta$

(<:∃L)
  $\Gamma, \alpha : \kappa \vdash A \mathrel{<:}^{+} B \dashv \Delta, \alpha : \kappa, \Theta$
  ------------------------------
  $\Gamma \vdash \exists\alpha:\kappa.\,A \mathrel{<:}^{+} B \dashv \Delta$

(<:∃R)
  $A$ not headed by $\exists$    $\Gamma, \blacktriangleright_{\hat\beta}, \hat\beta : \kappa \vdash A \mathrel{<:}^{+} [\hat\beta/\beta]B \dashv \Delta, \blacktriangleright_{\hat\beta}, \Theta$
  ------------------------------
  $\Gamma \vdash A \mathrel{<:}^{+} \exists\beta:\kappa.\,B \dashv \Delta$

(<:$^{-}$L)
  $\mathrm{neg}(A)$    $\mathrm{nonpos}(B)$    $\Gamma \vdash A \mathrel{<:}^{-} B \dashv \Delta$
  ------------------------------
  $\Gamma \vdash A \mathrel{<:}^{+} B \dashv \Delta$

(<:$^{-}$R)
  $\mathrm{nonpos}(A)$    $\mathrm{neg}(B)$    $\Gamma \vdash A \mathrel{<:}^{-} B \dashv \Delta$
  ------------------------------
  $\Gamma \vdash A \mathrel{<:}^{+} B \dashv \Delta$

(<:$^{+}$L)
  $\mathrm{pos}(A)$    $\mathrm{nonneg}(B)$    $\Gamma \vdash A \mathrel{<:}^{+} B \dashv \Delta$
  ------------------------------
  $\Gamma \vdash A \mathrel{<:}^{-} B \dashv \Delta$

(<:$^{+}$R)
  $\mathrm{nonneg}(A)$    $\mathrm{pos}(B)$    $\Gamma \vdash A \mathrel{<:}^{+} B \dashv \Delta$
  ------------------------------
  $\Gamma \vdash A \mathrel{<:}^{-} B \dashv \Delta$

$\Gamma \vdash P \equiv Q \dashv \Delta$   Under input context $\Gamma$, check that $P$ is equivalent to $Q$ with output context $\Delta$

(≡PropEq)
  $\Gamma \vdash t_1 \doteq t_2 : \mathbb{N} \dashv \Theta$    $\Theta \vdash [\Theta]t_1' \doteq [\Theta]t_2' : \mathbb{N} \dashv \Delta$
  ------------------------------
  $\Gamma \vdash (t_1 = t_1') \equiv (t_2 = t_2') \dashv \Delta$

$\Gamma \vdash A \equiv B \dashv \Delta$   Under input context $\Gamma$, check that $A$ is equivalent to $B$ with output context $\Delta$

(≡Var)   $\Gamma \vdash \alpha \equiv \alpha \dashv \Gamma$

(≡Exvar)   $\Gamma \vdash \hat\alpha \equiv \hat\alpha \dashv \Gamma$

(≡Unit)   $\Gamma \vdash 1 \equiv 1 \dashv \Gamma$

(≡⊕)
  $\Gamma \vdash A_1 \equiv B_1 \dashv \Theta$    $\Theta \vdash [\Theta]A_2 \equiv [\Theta]B_2 \dashv \Delta$
  ------------------------------
  $\Gamma \vdash (A_1 \oplus A_2) \equiv (B_1 \oplus B_2) \dashv \Delta$

(≡Vec)
  $\Gamma \vdash t_1 \doteq t_2 : \mathbb{N} \dashv \Theta$    $\Theta \vdash [\Theta]A_1 \equiv [\Theta]A_2 \dashv \Delta$
  ------------------------------
  $\Gamma \vdash (\mathsf{Vec}\ t_1\ A_1) \equiv (\mathsf{Vec}\ t_2\ A_2) \dashv \Delta$

(≡∀)
  $\Gamma, \alpha : \kappa \vdash A \equiv B \dashv \Delta, \alpha : \kappa, \Delta'$
  ------------------------------
  $\Gamma \vdash (\forall\alpha:\kappa.\,A) \equiv (\forall\alpha:\kappa.\,B) \dashv \Delta$

(≡∃)
  $\Gamma, \alpha : \kappa \vdash A \equiv B \dashv \Delta, \alpha : \kappa, \Delta'$
  ------------------------------
  $\Gamma \vdash (\exists\alpha:\kappa.\,A) \equiv (\exists\alpha:\kappa.\,B) \dashv \Delta$

(≡⊃)
  $\Gamma \vdash P \equiv Q \dashv \Theta$    $\Theta \vdash [\Theta]A \equiv [\Theta]B \dashv \Delta$
  ------------------------------
  $\Gamma \vdash (P \supset A) \equiv (Q \supset B) \dashv \Delta$

(≡∧)
  $\Gamma \vdash P \equiv Q \dashv \Theta$    $\Theta \vdash [\Theta]A \equiv [\Theta]B \dashv \Delta$
  ------------------------------
  $\Gamma \vdash (A \wedge P) \equiv (B \wedge Q) \dashv \Delta$

(≡InstantiateL)
  $\hat\alpha \notin \mathrm{FV}(\tau)$    $\Gamma[\hat\alpha] \vdash \hat\alpha := \tau : \star \dashv \Delta$
  ------------------------------
  $\Gamma[\hat\alpha] \vdash \hat\alpha \equiv \tau \dashv \Delta$

(≡InstantiateR)
  $\hat\alpha \notin \mathrm{FV}(\tau)$    $\Gamma[\hat\alpha] \vdash \hat\alpha := \tau : \star \dashv \Delta$
  ------------------------------
  $\Gamma[\hat\alpha] \vdash \tau \equiv \hat\alpha \dashv \Delta$

Figure 23. Algorithmic subtyping and equivalence


$\Gamma \vdash \hat\alpha := \tau : \kappa \dashv \Delta$   Under input context $\Gamma$, instantiate $\hat\alpha$ such that $\hat\alpha = \tau$ with output context $\Delta$

(InstSolve)
  $\Gamma_0 \vdash \tau : \kappa$
  ------------------------------
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1 \vdash \hat\alpha := \tau : \kappa \dashv \Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1$

(InstReach)
  $\hat\beta \in \mathrm{unsolved}(\Gamma[\hat\alpha : \kappa][\hat\beta : \kappa])$
  ------------------------------
  $\Gamma[\hat\alpha : \kappa][\hat\beta : \kappa] \vdash \hat\alpha := \hat\beta : \kappa \dashv \Gamma[\hat\alpha : \kappa][\hat\beta : \kappa = \hat\alpha]$

(InstBin)
  $\Gamma[\hat\alpha_2 : \star, \hat\alpha_1 : \star, \hat\alpha : \star = \hat\alpha_1 \oplus \hat\alpha_2] \vdash \hat\alpha_1 := \tau_1 : \star \dashv \Theta$    $\Theta \vdash \hat\alpha_2 := [\Theta]\tau_2 : \star \dashv \Delta$
  ------------------------------
  $\Gamma[\hat\alpha : \star] \vdash \hat\alpha := \tau_1 \oplus \tau_2 : \star \dashv \Delta$

(InstZero)   $\Gamma[\hat\alpha : \mathbb{N}] \vdash \hat\alpha := \mathsf{zero} : \mathbb{N} \dashv \Gamma[\hat\alpha : \mathbb{N} = \mathsf{zero}]$

(InstSucc)
  $\Gamma[\hat\alpha_1 : \mathbb{N}, \hat\alpha : \mathbb{N} = \mathsf{succ}(\hat\alpha_1)] \vdash \hat\alpha_1 := t_1 : \mathbb{N} \dashv \Delta$
  ------------------------------
  $\Gamma[\hat\alpha : \mathbb{N}] \vdash \hat\alpha := \mathsf{succ}(t_1) : \mathbb{N} \dashv \Delta$

Figure 24. Instantiation
$\Gamma \vdash \Pi :: \vec{A} \Leftarrow C\,p \dashv \Delta$   Under context $\Gamma$, check branches $\Pi$ with patterns of type $\vec{A}$ and bodies of type $C$

(MatchEmpty)   $\Gamma \vdash \cdot :: \vec{A} \Leftarrow C\,p \dashv \Gamma$

(MatchSeq)
  $\Gamma \vdash \pi :: \vec{A} \Leftarrow C\,p \dashv \Theta$    $\Theta \vdash \Pi' :: \vec{A} \Leftarrow C\,p \dashv \Delta$
  ------------------------------
  $\Gamma \vdash (\pi \,\|\, \Pi') :: \vec{A} \Leftarrow C\,p \dashv \Delta$

(MatchBase)
  $\Gamma \vdash e \Leftarrow C\,p \dashv \Delta$
  ------------------------------
  $\Gamma \vdash (\cdot \Rightarrow e) :: \cdot \Leftarrow C\,p \dashv \Delta$

(MatchUnit)
  $\Gamma \vdash \vec\rho \Rightarrow e :: \vec{A} \Leftarrow C\,p \dashv \Delta$
  ------------------------------
  $\Gamma \vdash (), \vec\rho \Rightarrow e :: 1, \vec{A} \Leftarrow C\,p \dashv \Delta$

(Match∃)
  $\Gamma, \alpha : \kappa \vdash \vec\rho \Rightarrow e :: A, \vec{A} \Leftarrow C\,p \dashv \Delta, \alpha : \kappa, \Theta$
  ------------------------------
  $\Gamma \vdash \vec\rho \Rightarrow e :: (\exists\alpha:\kappa.\,A), \vec{A} \Leftarrow C\,p \dashv \Delta$

(Match×)
  $\Gamma \vdash \rho_1, \rho_2, \vec\rho \Rightarrow e :: A_1, A_2, \vec{A} \Leftarrow C\,p \dashv \Delta$
  ------------------------------
  $\Gamma \vdash \langle\rho_1, \rho_2\rangle, \vec\rho \Rightarrow e :: A_1 \times A_2, \vec{A} \Leftarrow C\,p \dashv \Delta$

(Match+$_k$)
  $\Gamma \vdash \rho, \vec\rho \Rightarrow e :: A_k, \vec{A} \Leftarrow C\,p \dashv \Delta$
  ------------------------------
  $\Gamma \vdash (\mathsf{inj}_k\,\rho), \vec\rho \Rightarrow e :: A_1 + A_2, \vec{A} \Leftarrow C\,p \dashv \Delta$

(Match∧)
  $\Gamma / P \vdash \vec\rho \Rightarrow e :: A, \vec{A} \Leftarrow C\,p \dashv \Delta$
  ------------------------------
  $\Gamma \vdash \vec\rho \Rightarrow e :: A \wedge P, \vec{A} \Leftarrow C\,p \dashv \Delta$

(MatchNeg)
  $A$ not headed by $\wedge$ or $\exists$    $\Gamma, z : A\,! \vdash \vec\rho \Rightarrow e :: \vec{A} \Leftarrow C\,p \dashv \Delta, z : A\,!, \Delta'$
  ------------------------------
  $\Gamma \vdash z, \vec\rho \Rightarrow e :: A, \vec{A} \Leftarrow C\,p \dashv \Delta$

(MatchWild)
  $A$ not headed by $\wedge$ or $\exists$    $\Gamma \vdash \vec\rho \Rightarrow e :: \vec{A} \Leftarrow C\,p \dashv \Delta$
  ------------------------------
  $\Gamma \vdash \_, \vec\rho \Rightarrow e :: A, \vec{A} \Leftarrow C\,p \dashv \Delta$

(MatchNil)
  $\Gamma / (t = \mathsf{zero}) \vdash \vec\rho \Rightarrow e :: \vec{A} \Leftarrow C\,p \dashv \Delta$
  ------------------------------
  $\Gamma \vdash [\,], \vec\rho \Rightarrow e :: (\mathsf{Vec}\ t\ A), \vec{A} \Leftarrow C\,p \dashv \Delta$

(MatchCons)
  $\Gamma, \alpha : \mathbb{N} / (t = \mathsf{succ}(\alpha)) \vdash \rho_1, \rho_2, \vec\rho \Rightarrow e :: A, (\mathsf{Vec}\ \alpha\ A), \vec{A} \Leftarrow C\,p \dashv \Delta, \alpha : \mathbb{N}, \Theta$
  ------------------------------
  $\Gamma \vdash (\rho_1 :: \rho_2), \vec\rho \Rightarrow e :: (\mathsf{Vec}\ t\ A), \vec{A} \Leftarrow C\,p \dashv \Delta$

$\Gamma / P \vdash \Pi :: \vec{A} \Leftarrow C\,p \dashv \Delta$   Under context $\Gamma$, incorporate proposition $P$ while checking branches $\Pi$ with patterns of type $\vec{A}$ and bodies of type $C$

(Match⊥)
  $\Gamma / \sigma \doteq \tau : \kappa \dashv \bot$
  ------------------------------
  $\Gamma / \sigma = \tau \vdash \vec\rho \Rightarrow e :: \vec{A} \Leftarrow C\,p \dashv \Gamma$

(MatchUnify)
  $\Gamma, \blacktriangleright_P / \sigma \doteq \tau : \kappa \dashv \Theta$    $\Theta \vdash \vec\rho \Rightarrow e :: \vec{A} \Leftarrow C\,p \dashv \Delta, \blacktriangleright_P, \Delta'$
  ------------------------------
  $\Gamma / \sigma = \tau \vdash \vec\rho \Rightarrow e :: \vec{A} \Leftarrow C\,p \dashv \Delta$

Figure 25. Algorithmic pattern matching


$\Gamma \vdash \Pi\ \mathsf{covers}\ \vec{A}$   Under context $\Gamma$, patterns $\Pi$ cover the types $\vec{A}$

$\Gamma / P \vdash \Pi\ \mathsf{covers}\ \vec{A}$   Under context $\Gamma$, patterns $\Pi$ cover the types $\vec{A}$ assuming $P$

(CoversEmpty)   $\Gamma \vdash (\cdot \Rightarrow e_1) \,\|\, \Pi\ \mathsf{covers}\ \cdot$

(Covers1)
  $\Pi \leadsto^{1} \Pi'$    $\Gamma \vdash \Pi'\ \mathsf{covers}\ \vec{A}$
  ------------------------------
  $\Gamma \vdash \Pi\ \mathsf{covers}\ 1, \vec{A}$

(CoversVar)
  $\Pi \leadsto^{\mathsf{var}} \Pi'$    $\Gamma \vdash \Pi'\ \mathsf{covers}\ \vec{A}$
  ------------------------------
  $\Gamma \vdash \Pi\ \mathsf{covers}\ A, \vec{A}$

(Covers×)
  $\Pi \leadsto^{\times} \Pi'$    $\Gamma \vdash \Pi'\ \mathsf{covers}\ A_1, A_2, \vec{A}$
  ------------------------------
  $\Gamma \vdash \Pi\ \mathsf{covers}\ (A_1 \times A_2), \vec{A}$

(Covers+)
  $\Pi \leadsto^{+} \Pi_L \,\|\, \Pi_R$    $\Gamma \vdash \Pi_L\ \mathsf{covers}\ A_1, \vec{A}$    $\Gamma \vdash \Pi_R\ \mathsf{covers}\ A_2, \vec{A}$
  ------------------------------
  $\Gamma \vdash \Pi\ \mathsf{covers}\ (A_1 + A_2), \vec{A}$

(Covers∃)
  $\Gamma, \alpha : \kappa \vdash \Pi\ \mathsf{covers}\ A, \vec{A}$
  ------------------------------
  $\Gamma \vdash \Pi\ \mathsf{covers}\ (\exists\alpha:\kappa.\,A), \vec{A}$

(Covers∧)
  $\Gamma / t_1 = t_2 \vdash \Pi\ \mathsf{covers}\ A_0, \vec{A}$
  ------------------------------
  $\Gamma \vdash \Pi\ \mathsf{covers}\ (A_0 \wedge (t_1 = t_2)), \vec{A}$

(CoversVec)
  $\Pi \leadsto^{\mathsf{Vec}} \Pi_{[]} \,\|\, \Pi_{::}$    $\Gamma / t = \mathsf{zero} \vdash \Pi_{[]}\ \mathsf{covers}\ \vec{A}$    $\Gamma, n : \mathbb{N} / t = \mathsf{succ}(n) \vdash \Pi_{::}\ \mathsf{covers}\ (A, \mathsf{Vec}\ n\ A, \vec{A})$
  ------------------------------
  $\Gamma \vdash \Pi\ \mathsf{covers}\ \mathsf{Vec}\ t\ A, \vec{A}$

(CoversEq)
  $\Gamma / [\Gamma]t_1 \doteq [\Gamma]t_2 : \kappa \dashv \Delta$    $\Delta \vdash [\Delta]\Pi\ \mathsf{covers}\ [\Delta]\vec{A}$
  ------------------------------
  $\Gamma / t_1 = t_2 \vdash \Pi\ \mathsf{covers}\ \vec{A}$

(CoversEqBot)
  $\Gamma / [\Gamma]t_1 \doteq [\Gamma]t_2 : \kappa \dashv \bot$
  ------------------------------
  $\Gamma / t_1 = t_2 \vdash \Pi\ \mathsf{covers}\ \vec{A}$

Figure 26. Algorithmic match coverage
E. Theorems and Selected Lemmas

E.1 Decidability and determinacy

Theorem 1 (Decidability of Subtyping).
Given a context $\Gamma$ and types $A$, $B$ such that $\Gamma \vdash A\ \mathsf{type}$ and $\Gamma \vdash B\ \mathsf{type}$ and $[\Gamma]A = A$ and $[\Gamma]B = B$, it is decidable whether there exists $\Delta$ such that $\Gamma \vdash A \mathrel{<:}^{\pm} B \dashv \Delta$.

Theorem 2 (Decidability of Coverage).
Given a context $\Gamma$, branches $\Pi$ and types $\vec{A}$, it is decidable whether $\Gamma \vdash \Pi\ \mathsf{covers}\ \vec{A}$ is derivable.

Theorem 3 (Decidability of Typing).

(i) Synthesis: Given a context $\Gamma$, a principality $p$, and a term $e$, it is decidable whether there exist a type $A$ and a context $\Delta$ such that $\Gamma \vdash e \Rightarrow A\,p \dashv \Delta$.

(ii) Spines: Given a context $\Gamma$, a spine $s$, a principality $p$, and a type $A$ such that $\Gamma \vdash A\ \mathsf{type}$, it is decidable whether there exist a type $B$, a principality $q$ and a context $\Delta$ such that $\Gamma \vdash s : A\,p \gg B\,q \dashv \Delta$.

(iii) Checking: Given a context $\Gamma$, a principality $p$, a term $e$, and a type $B$ such that $\Gamma \vdash B\ \mathsf{type}$, it is decidable whether there is a context $\Delta$ such that $\Gamma \vdash e \Leftarrow B\,p \dashv \Delta$.

(iv) Matching: Given a context $\Gamma$, branches $\Pi$, a list of types $\vec{A}$, a type $C$, and a principality $p$, it is decidable whether there exists $\Delta$ such that $\Gamma \vdash \Pi :: \vec{A} \Leftarrow C\,p \dashv \Delta$.

Also, if given a proposition $P$ as well, it is decidable whether there exists $\Delta$ such that $\Gamma / P \vdash \Pi :: \vec{A} \Leftarrow C\,p \dashv \Delta$.

Theorem 4 (Determinacy of Subtyping).

(1) Subtyping: Given $\Gamma$, $A$, $B$ such that $\mathcal{D}_1 :: \Gamma \vdash A \mathrel{<:}^{\pm} B \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash A \mathrel{<:}^{\pm} B \dashv \Delta_2$, it is the case that $\Delta_1 = \Delta_2$.

Theorem 5 (Determinacy of Typing).

(1) Checking: Given $\Gamma$, $e$, $A$, $p$ such that $\mathcal{D}_1 :: \Gamma \vdash e \Leftarrow A\,p \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash e \Leftarrow A\,p \dashv \Delta_2$, it is the case that $\Delta_1 = \Delta_2$.

(2) Synthesis: Given $\Gamma$, $e$ such that $\mathcal{D}_1 :: \Gamma \vdash e \Rightarrow B_1\,p_1 \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash e \Rightarrow B_2\,p_2 \dashv \Delta_2$, it is the case that $B_1 = B_2$ and $p_1 = p_2$ and $\Delta_1 = \Delta_2$.

(3) Spine judgments: Given $\Gamma$, $e$, $A$, $p$ such that $\mathcal{D}_1 :: \Gamma \vdash e : A\,p \gg C_1\,q_1 \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash e : A\,p \gg C_2\,q_2 \dashv \Delta_2$, it is the case that $C_1 = C_2$ and $q_1 = q_2$ and $\Delta_1 = \Delta_2$.

The same applies for derivations of the principality-recovering judgments $\Gamma \vdash e : A\,p \gg C_k\,\lceil q_k\rceil \dashv \Delta_k$.

(4) Match judgments: Given $\Gamma$, $\Pi$, $\vec{A}$, $p$, $C$ such that $\mathcal{D}_1 :: \Gamma \vdash \Pi :: \vec{A} \Leftarrow C\,p \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash \Pi :: \vec{A} \Leftarrow C\,p \dashv \Delta_2$, it is the case that $\Delta_1 = \Delta_2$.

Given $\Gamma$, $P$, $\Pi$, $\vec{A}$, $p$, $C$ such that $\mathcal{D}_1 :: \Gamma / P \vdash \Pi :: \vec{A} \Leftarrow C\,p \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma / P \vdash \Pi :: \vec{A} \Leftarrow C\,p \dashv \Delta_2$, it is the case that $\Delta_1 = \Delta_2$.

E.2 Soundness

For several auxiliary judgment forms, soundness is a matter of showing that, given two algorithmic terms, their declarative versions are equal. For example, for the instantiation judgment we have:

Lemma (Soundness of instantiation).
If $\Gamma \vdash \hat\alpha := \tau : \kappa \dashv \Delta$ and $\hat\alpha \notin \mathrm{FV}([\Gamma]\tau)$ and $[\Gamma]\tau = \tau$ and $\Delta \longrightarrow \Omega$ then $[\Omega]\hat\alpha = [\Omega]\tau$.

We have similar lemmas for term equality ($\Gamma \vdash \sigma \doteq \tau : \kappa \dashv \Delta$), propositional equivalence ($\Gamma \vdash P \equiv Q \dashv \Delta$) and type equivalence ($\Gamma \vdash A \equiv B \dashv \Delta$).

Our eliminating judgments incorporate assumptions into the context $\Gamma$. We show that the algorithmic rules for these judgments just append equations over universal variables:

Lemma (Soundness of Equality Elimination). If $[\Gamma]\sigma = \sigma$ and $[\Gamma]\tau = \tau$ and $\Gamma \vdash \sigma : \kappa$ and $\Gamma \vdash \tau : \kappa$ and $\mathrm{FEV}(\sigma) \cup \mathrm{FEV}(\tau) = \emptyset$, then:

(1) If $\Gamma / \sigma \doteq \tau : \kappa \dashv \Delta$ then $\Delta = (\Gamma, \Theta)$ where $\Theta = (\alpha_1 = t_1, \ldots, \alpha_n = t_n)$ and for all $\Omega$ such that $\Gamma \longrightarrow \Omega$ and all $t'$ such that $\Omega \vdash t' : \kappa'$ we have $[\Omega, \Theta]t' = [\theta][\Omega]t'$ where $\theta = \mathrm{mgu}(\sigma, \tau)$.

(2) If $\Gamma / \sigma \doteq \tau : \kappa \dashv \bot$ then no most general unifier exists.

The last lemmas for soundness move directly from an algorithmic judgment to the corresponding declarative judgment.
Lemma (Soundness of Checkprop).
If $\Gamma \vdash P\ \mathsf{true} \dashv \Delta$ and $\Delta \longrightarrow \Omega$ then $[\Omega]\Delta \vdash [\Omega]P\ \mathsf{true}$.

Lemma (Soundness of Algorithmic Subtyping). If $[\Gamma]A = A$ and $[\Gamma]B = B$ and $\Gamma \vdash A\ \mathsf{type}$ and $\Gamma \vdash B\ \mathsf{type}$ and $\Delta \longrightarrow \Omega$ and $\Gamma \vdash A \mathrel{<:}^{\pm} B \dashv \Delta$ then $[\Omega]\Delta \vdash [\Omega]A \le^{\pm} [\Omega]B$.

Lemma (Soundness of Match Coverage).

1. If $\Gamma \vdash \Pi\ \mathsf{covers}\ \vec{A}$ and $\Gamma \longrightarrow \Omega$ and $\Gamma \vdash \vec{A}\,!\ \mathsf{types}$ and $[\Gamma]\vec{A} = \vec{A}$ then $[\Omega]\Gamma \vdash \Pi\ \mathsf{covers}\ \vec{A}$.

2. If $\Gamma / P \vdash \Pi\ \mathsf{covers}\ \vec{A}$ and $\Gamma \longrightarrow \Omega$ and $\Gamma \vdash \vec{A}\,!\ \mathsf{types}$ and $[\Gamma]\vec{A} = \vec{A}$ and $[\Gamma]P = P$ then $[\Omega]\Gamma / P \vdash \Pi\ \mathsf{covers}\ \vec{A}$.

Theorem 6 (Soundness of Algorithmic Subtyping).
If $[\Gamma]A = A$ and $[\Gamma]B = B$ and $\Gamma \vdash A\ \mathsf{type}$ and $\Gamma \vdash B\ \mathsf{type}$ and $\Delta \longrightarrow \Omega$ and $\Gamma \vdash A \mathrel{<:}^{\pm} B \dashv \Delta$ then $[\Omega]\Delta \vdash [\Omega]A \le^{\pm} [\Omega]B$.

Theorem 7 (Soundness of Match Coverage).
If $\Gamma \vdash \Pi\ \mathsf{covers}\ \vec{A}$ and $\Gamma \longrightarrow \Omega$ and $\Gamma \vdash \vec{A}\,!\ \mathsf{types}$ and $[\Gamma]\vec{A} = \vec{A}$ then $[\Omega]\Gamma \vdash \Pi\ \mathsf{covers}\ \vec{A}$.

Theorem 8 (Soundness of Algorithmic Typing).
Given $\Delta \longrightarrow \Omega$:

(i) If $\Gamma \vdash e \Leftarrow A\,p \dashv \Delta$ and $\Gamma \vdash A\,p\ \mathsf{type}$ then $[\Omega]\Delta \vdash [\Omega]e \Leftarrow [\Omega]A\,p$.

(ii) If $\Gamma \vdash e \Rightarrow A\,p \dashv \Delta$ then $[\Omega]\Delta \vdash [\Omega]e \Rightarrow [\Omega]A\,p$.

(iii) If $\Gamma \vdash s : A\,p \gg B\,q \dashv \Delta$ and $\Gamma \vdash A\,p\ \mathsf{type}$ then $[\Omega]\Delta \vdash [\Omega]s : [\Omega]A\,p \gg [\Omega]B\,q$.

(iv) If $\Gamma \vdash s : A\,p \gg B\,\lceil q\rceil \dashv \Delta$ and $\Gamma \vdash A\,p\ \mathsf{type}$ then $[\Omega]\Delta \vdash [\Omega]s : [\Omega]A\,p \gg [\Omega]B\,\lceil q\rceil$.

(v) If $\Gamma \vdash \Pi :: \vec{A} \Leftarrow C\,p \dashv \Delta$ and $\Gamma \vdash \vec{A}\,!\ \mathsf{types}$ and $[\Gamma]\vec{A} = \vec{A}$ and $\Gamma \vdash C\,p\ \mathsf{type}$ then $[\Omega]\Delta \vdash [\Omega]\Pi :: [\Omega]\vec{A} \Leftarrow [\Omega]C\,p$.

(vi) If $\Gamma / P \vdash \Pi :: \vec{A} \Leftarrow C\,p \dashv \Delta$ and $\Gamma \vdash P\ \mathsf{prop}$ and $\mathrm{FEV}(P) = \emptyset$ and $[\Gamma]P = P$ and $\Gamma \vdash \vec{A}\,!\ \mathsf{types}$ and $\Gamma \vdash C\,p\ \mathsf{type}$ then $[\Omega]\Delta / [\Omega]P \vdash [\Omega]\Pi :: [\Omega]\vec{A} \Leftarrow [\Omega]C\,p$.

E.3 Completeness

Theorem 9 (Completeness of Subtyping).
If $\Gamma \longrightarrow \Omega$ and $\mathrm{dom}(\Gamma) = \mathrm{dom}(\Omega)$ and $\Gamma \vdash A\ \mathsf{type}$ and $\Gamma \vdash B\ \mathsf{type}$ and $[\Omega]\Gamma \vdash [\Omega]A \le^{\pm} [\Omega]B$ then there exist $\Delta$ and $\Omega'$ such that $\Delta \longrightarrow \Omega'$ and $\mathrm{dom}(\Delta) = \mathrm{dom}(\Omega')$ and $\Omega \longrightarrow \Omega'$ and $\Gamma \vdash [\Gamma]A \mathrel{<:}^{\pm} [\Gamma]B \dashv \Delta$.

Theorem 10 (Completeness of Match Coverage).

1. If $[\Omega]\Gamma \vdash [\Omega]\Pi\ \mathsf{covers}\ [\Omega]\vec{A}$ and $\Gamma \longrightarrow \Omega$ and $\Gamma \vdash \vec{A}\,!\ \mathsf{types}$ and $[\Gamma]\vec{A} = \vec{A}$ then $\Gamma \vdash \Pi\ \mathsf{covers}\ \vec{A}$.

2. If $[\Omega]\Gamma / [\Omega]P \vdash [\Omega]\Pi\ \mathsf{covers}\ [\Omega]\vec{A}$ and $\Gamma \longrightarrow \Omega$ and $\Gamma \vdash \vec{A}\,!\ \mathsf{types}$ and $[\Gamma]\vec{A} = \vec{A}$ and $[\Gamma]P = P$ then $\Gamma / P \vdash \Pi\ \mathsf{covers}\ \vec{A}$.

Theorem 11 (Completeness of Algorithmic Typing). Given $\Gamma \longrightarrow \Omega$ such that $\mathrm{dom}(\Gamma) = \mathrm{dom}(\Omega)$:

(i) If $\Gamma \vdash A\,p\ \mathsf{type}$ and $[\Omega]\Gamma \vdash [\Omega]e \Leftarrow [\Omega]A\,p$ and $p' \sqsubseteq p$ then there exist $\Delta$ and $\Omega'$ such that $\Delta \longrightarrow \Omega'$ and $\mathrm{dom}(\Delta) = \mathrm{dom}(\Omega')$ and $\Omega \longrightarrow \Omega'$ and $\Gamma \vdash e \Leftarrow [\Gamma]A\,p' \dashv \Delta$.

(ii) If $\Gamma \vdash A\,p\ \mathsf{type}$ and $[\Omega]\Gamma \vdash [\Omega]e \Rightarrow A\,p$ then there exist $\Delta$, $\Omega'$, $A'$, and $p' \sqsubseteq p$ such that $\Delta \longrightarrow \Omega'$ and $\mathrm{dom}(\Delta) = \mathrm{dom}(\Omega')$ and $\Omega \longrightarrow \Omega'$ and $\Gamma \vdash e \Rightarrow A'\,p' \dashv \Delta$ and $A' = [\Delta]A'$ and $A = [\Omega']A'$.

(iii) If $\Gamma \vdash A\,p\ \mathsf{type}$ and $[\Omega]\Gamma \vdash [\Omega]s : [\Omega]A\,p \gg B\,q$ and $p' \sqsubseteq p$ then there exist $\Delta$, $\Omega'$, $B'$ and $q' \sqsubseteq q$ such that $\Delta \longrightarrow \Omega'$ and $\mathrm{dom}(\Delta) = \mathrm{dom}(\Omega')$ and $\Omega \longrightarrow \Omega'$ and $\Gamma \vdash s : [\Gamma]A\,p' \gg B'\,q' \dashv \Delta$ and $B' = [\Delta]B'$ and $B = [\Omega']B'$.

(iv) If $\Gamma \vdash A\,p\ \mathsf{type}$ and $[\Omega]\Gamma \vdash [\Omega]s : [\Omega]A\,p \gg B\,\lceil q\rceil$ and $p' \sqsubseteq p$ then there exist $\Delta$, $\Omega'$, $B'$, and $q' \sqsubseteq q$ such that $\Delta \longrightarrow \Omega'$ and $\mathrm{dom}(\Delta) = \mathrm{dom}(\Omega')$ and $\Omega \longrightarrow \Omega'$ and $\Gamma \vdash s : [\Gamma]A\,p' \gg B'\,\lceil q'\rceil \dashv \Delta$ and $B' = [\Delta]B'$ and $B = [\Omega']B'$.

(v) If $\Gamma \vdash \vec{A}\,!\ \mathsf{types}$ and $\Gamma \vdash C\,p\ \mathsf{type}$ and $[\Omega]\Gamma \vdash [\Omega]\Pi :: [\Omega]\vec{A} \Leftarrow [\Omega]C\,p$ and $p' \sqsubseteq p$ then there exist $\Delta$ and $\Omega'$ such that $\Delta \longrightarrow \Omega'$ and $\mathrm{dom}(\Delta) = \mathrm{dom}(\Omega')$ and $\Omega \longrightarrow \Omega'$ and $\Gamma \vdash \Pi :: [\Gamma]\vec{A} \Leftarrow [\Gamma]C\,p' \dashv \Delta$.

(vi) If $\Gamma \vdash \vec{A}\,!\ \mathsf{types}$ and $\Gamma \vdash P\ \mathsf{prop}$ and $\mathrm{FEV}(P) = \emptyset$ and $\Gamma \vdash C\,p\ \mathsf{type}$ and $[\Omega]\Gamma / [\Omega]P \vdash [\Omega]\Pi :: [\Omega]\vec{A} \Leftarrow [\Omega]C\,p$ and $p' \sqsubseteq p$ then there exist $\Delta$ and $\Omega'$ such that $\Delta \longrightarrow \Omega'$ and $\mathrm{dom}(\Delta) = \mathrm{dom}(\Omega')$ and $\Omega \longrightarrow \Omega'$ and $\Gamma / [\Gamma]P \vdash \Pi :: [\Gamma]\vec{A} \Leftarrow [\Gamma]C\,p' \dashv \Delta$.
1 List of Judgments

For convenience, we list all the judgment forms:

Judgment                                                      Description                                                  Location
$\Psi \vdash t : \kappa$                                      Index term/monotype is well-formed                           Figure 17
$\Psi \vdash P\ \mathsf{prop}$                                Proposition is well-formed                                   Figure 17
$\Psi \vdash A\ \mathsf{type}$                                Type is well-formed                                          Figure 17
$\Psi \vdash \vec{A}\ \mathsf{types}$                         Type vector is well-formed                                   Figure 17
$\Psi\ \mathsf{ctx}$                                          Declarative context is well-formed                           Figure 17
$\Psi \vdash A \le^{\pm} B$                                   Declarative subtyping                                        Figure ??
$\Psi \vdash P\ \mathsf{true}$                                Declarative truth                                            Figure 6
$\Psi \vdash e \Leftarrow A\,p$                               Declarative checking                                         Figure 6
$\Psi \vdash e \Rightarrow A\,p$                              Declarative synthesis                                        Figure 6
$\Psi \vdash s : A\,p \gg C\,q$                               Declarative spine typing                                     Figure 6
$\Psi \vdash s : A\,p \gg C\,\lceil q\rceil$                  Declarative spine typing, recovering principality            Figure 6
$\Psi \vdash \Pi :: \vec{A} \Leftarrow C\,p$                  Declarative pattern matching                                 Figure 15
$\Psi / P \vdash \Pi :: \vec{A} \Leftarrow C\,p$              Declarative proposition assumption                           Figure 15
$\Psi \vdash \Pi\ \mathsf{covers}\ \vec{A}$                   Declarative match coverage                                   Figure 16
$\Gamma \vdash t : \kappa$                                    Index term/monotype is well-formed                           Figure 18
$\Gamma \vdash P\ \mathsf{prop}$                              Proposition is well-formed                                   Figure 18
$\Gamma \vdash A\ \mathsf{type}$                              Polytype is well-formed                                      Figure 18
$\Gamma\ \mathsf{ctx}$                                        Algorithmic context is well-formed                           Figure 18
$[\Gamma]A$                                                   Applying a context, as a substitution, to a type             Figure ??
$\Gamma \vdash P\ \mathsf{true} \dashv \Delta$                Check proposition                                            Figure 19
$\Gamma / P \dashv \Delta^{\bot}$                             Assume proposition                                           Figure 19
$\Gamma \vdash s \doteq t : \kappa \dashv \Delta$             Check equation                                               Figure 20
$s \,\#\, t$                                                  Head constructors clash                                      Figure 21
$\Gamma / s \doteq t : \kappa \dashv \Delta^{\bot}$           Assume/eliminate equation                                    Figure 22
$\Gamma \vdash A \mathrel{<:}^{\pm} B \dashv \Delta$          Algorithmic subtyping                                        Figure 23
$\Gamma / P \vdash A \mathrel{<:} B \dashv \Delta$            Assume/eliminate proposition                                 Figure ??
$\Gamma \vdash P \equiv Q \dashv \Delta$                      Equivalence of propositions                                  Figure 23
$\Gamma \vdash A \equiv B \dashv \Delta$                      Equivalence of types                                         Figure 23
$\Gamma \vdash \hat\alpha := t : \kappa \dashv \Delta$        Instantiate                                                  Figure 24
$e\ \mathsf{chk\text{-}I}$                                    Checking intro form                                          Figure ??
$\Gamma \vdash e \Leftarrow A\,p \dashv \Delta$               Algorithmic checking                                         Figure 11
$\Gamma \vdash e \Rightarrow A\,p \dashv \Delta$              Algorithmic synthesis                                        Figure 11
$\Gamma \vdash s : A\,p \gg C\,q \dashv \Delta$               Algorithmic spine typing                                     Figure 11
$\Gamma \vdash s : A\,p \gg C\,\lceil q\rceil \dashv \Delta$  Algorithmic spine typing, recovering principality            Figure 11
$\Gamma \vdash \Pi :: \vec{A} \Leftarrow C\,p \dashv \Delta$  Algorithmic pattern matching                                 Figure 25
$\Gamma / P \vdash \Pi :: \vec{A} \Leftarrow C\,p \dashv \Delta$   Algorithmic pattern matching (assumption)               Figure 25
$\Gamma \vdash \Pi\ \mathsf{covers}\ \vec{A}$                 Algorithmic match coverage                                   Figure 26
$\Gamma \longrightarrow \Delta$                               Context extension                                            Figure 14
$[\Omega]\Gamma$                                              Apply complete context                                       Figure ??
A Properties of the Declarative System

Lemma 1 (Declarative Well-foundedness).
The inductive definition of the following judgments is well-founded:

(i) synthesis $\Psi \vdash e \Rightarrow B\,p$

(ii) checking $\Psi \vdash e \Leftarrow A\,p$

(iii) checking, equality elimination $\Psi / P \vdash e \Leftarrow C\,p$

(iv) ordinary spine $\Psi \vdash s : A\,p \gg B\,q$

(v) recovery spine $\Psi \vdash s : A\,p \gg B\,\lceil q\rceil$

(vi) pattern matching $\Psi \vdash \Pi :: \vec{A} \Leftarrow C\,p$

(vii) pattern matching, equality elimination $\Psi / P \vdash \Pi :: \vec{A} \Leftarrow C\,p$

Lemma 2 (Declarative Weakening).

(i) If $\Psi_0, \Psi_1 \vdash t : \kappa$ then $\Psi_0, \Psi', \Psi_1 \vdash t : \kappa$.

(ii) If $\Psi_0, \Psi_1 \vdash P\ \mathsf{prop}$ then $\Psi_0, \Psi', \Psi_1 \vdash P\ \mathsf{prop}$.

(iii) If $\Psi_0, \Psi_1 \vdash P\ \mathsf{true}$ then $\Psi_0, \Psi', \Psi_1 \vdash P\ \mathsf{true}$.

(iv) If $\Psi_0, \Psi_1 \vdash A\ \mathsf{type}$ then $\Psi_0, \Psi', \Psi_1 \vdash A\ \mathsf{type}$.

Lemma 3 (Declarative Term Substitution).
Suppose $\Psi \vdash t : \kappa$. Then:

1. If $\Psi_0, \alpha : \kappa, \Psi_1 \vdash t' : \kappa$ then $\Psi_0, [t/\alpha]\Psi_1 \vdash [t/\alpha]t' : \kappa$.

2. If $\Psi_0, \alpha : \kappa, \Psi_1 \vdash P\ \mathsf{prop}$ then $\Psi_0, [t/\alpha]\Psi_1 \vdash [t/\alpha]P\ \mathsf{prop}$.

3. If $\Psi_0, \alpha : \kappa, \Psi_1 \vdash A\ \mathsf{type}$ then $\Psi_0, [t/\alpha]\Psi_1 \vdash [t/\alpha]A\ \mathsf{type}$.

4. If $\Psi_0, \alpha : \kappa, \Psi_1 \vdash A \le^{\pm} B$ then $\Psi_0, [t/\alpha]\Psi_1 \vdash [t/\alpha]A \le^{\pm} [t/\alpha]B$.

5. If $\Psi_0, \alpha : \kappa, \Psi_1 \vdash P\ \mathsf{true}$ then $\Psi_0, [t/\alpha]\Psi_1 \vdash [t/\alpha]P\ \mathsf{true}$.

Lemma 4 (Reflexivity of Declarative Subtyping).
Given $\Psi \vdash A\ \mathsf{type}$, we have that $\Psi \vdash A \le^{\pm} A$.

Lemma 5 (Subtyping Inversion).

• If $\Psi \vdash \exists\alpha:\kappa.\,A \le^{+} B$ then $\Psi, \alpha : \kappa \vdash A \le^{+} B$.

• If $\Psi \vdash A \le^{-} \forall\beta:\kappa.\,B$ then $\Psi, \beta : \kappa \vdash A \le^{-} B$.

Lemma 6 (Subtyping Polarity Flip).

• If $\mathrm{nonpos}(A)$ and $\mathrm{nonpos}(B)$ and $\Psi \vdash A \le^{+} B$ then $\Psi \vdash A \le^{-} B$ by a derivation of the same or smaller size.

• If $\mathrm{nonneg}(A)$ and $\mathrm{nonneg}(B)$ and $\Psi \vdash A \le^{-} B$ then $\Psi \vdash A \le^{+} B$ by a derivation of the same or smaller size.

• If $\mathrm{nonpos}(A)$ and $\mathrm{nonneg}(A)$ and $\mathrm{nonpos}(B)$ and $\mathrm{nonneg}(B)$ and $\Psi \vdash A \le^{\pm} B$ then $A = B$.

Lemma 7 (Transitivity of Declarative Subtyping).
Given $\Psi \vdash A\ \mathsf{type}$ and $\Psi \vdash B\ \mathsf{type}$ and $\Psi \vdash C\ \mathsf{type}$:

(i) If $\mathcal{D}_1 :: \Psi \vdash A \le^{\pm} B$ and $\mathcal{D}_2 :: \Psi \vdash B \le^{\pm} C$ then $\Psi \vdash A \le^{\pm} C$.

Property 1. We assume that all types mentioned in annotations in expressions have no free existential variables. By the grammar, it follows that all expressions have no free existential variables, that is, $\mathrm{FEV}(e) = \emptyset$.
B Substitution and Well-formedness Properties

Definition 1 (Softness). A context $\Theta$ is soft iff it consists only of $\hat\alpha : \kappa$ and $\hat\alpha : \kappa = \tau$ declarations.

Lemma 8 (Substitution — Well-formedness).

(i) If $\Gamma \vdash A\,p\ \mathsf{type}$ and $\Gamma \vdash \tau\,p\ \mathsf{type}$ then $\Gamma \vdash [\tau/\alpha]A\,p\ \mathsf{type}$.

(ii) If $\Gamma \vdash P\ \mathsf{prop}$ and $\Gamma \vdash \tau\,p\ \mathsf{type}$ then $\Gamma \vdash [\tau/\alpha]P\ \mathsf{prop}$.

Moreover, if $p = !$ and $\mathrm{FEV}([\Gamma]P) = \emptyset$ then $\mathrm{FEV}([\Gamma][\tau/\alpha]P) = \emptyset$.

Lemma 9 (Uvar Preservation).
If $\Delta \longrightarrow \Omega$ then:

(i) If $(\alpha : \kappa) \in \Omega$ then $(\alpha : \kappa) \in [\Omega]\Delta$.

(ii) If $(x : A\,p) \in \Omega$ then $(x : [\Omega]A\,p) \in [\Omega]\Delta$.

Lemma 10 (Sorting Implies Typing). If $\Gamma \vdash \tau : \star$ then $\Gamma \vdash \tau\ \mathsf{type}$.

Lemma 11 (Right-Hand Substitution for Sorting). If $\Gamma \vdash t : \kappa$ then $\Gamma \vdash [\Gamma]t : \kappa$.

Lemma 12 (Right-Hand Substitution for Propositions). If $\Gamma \vdash P\ \mathsf{prop}$ then $\Gamma \vdash [\Gamma]P\ \mathsf{prop}$.

Lemma 13 (Right-Hand Substitution for Typing). If $\Gamma \vdash A\ \mathsf{type}$ then $\Gamma \vdash [\Gamma]A\ \mathsf{type}$.

Lemma 14 (Substitution for Sorting). If $\Omega \vdash t : \kappa$ then $[\Omega]\Omega \vdash [\Omega]t : \kappa$.

Lemma 15 (Substitution for Prop Well-Formedness). If $\Omega \vdash P\ \mathsf{prop}$ then $[\Omega]\Omega \vdash [\Omega]P\ \mathsf{prop}$.

Lemma 16 (Substitution for Type Well-Formedness). If $\Omega \vdash A\ \mathsf{type}$ then $[\Omega]\Omega \vdash [\Omega]A\ \mathsf{type}$.

Lemma 17 (Substitution Stability).
If $(\Omega, \Omega_Z)$ is well-formed and $\Omega_Z$ is soft and $\Omega \vdash A\ \mathsf{type}$ then $[\Omega]A = [\Omega, \Omega_Z]A$.

Lemma 18 (Equal Domains).
If $\Omega_1 \vdash A\ \mathsf{type}$ and $\mathrm{dom}(\Omega_1) = \mathrm{dom}(\Omega_2)$ then $\Omega_2 \vdash A\ \mathsf{type}$.

C Properties of Extension

Lemma 19 (Declaration Preservation). If $\Gamma \longrightarrow \Delta$ and $u$ is declared in $\Gamma$, then $u$ is declared in $\Delta$.

Lemma 20 (Declaration Order Preservation). If $\Gamma \longrightarrow \Delta$ and $u$ is declared to the left of $v$ in $\Gamma$, then $u$ is declared to the left of $v$ in $\Delta$.

Lemma 21 (Reverse Declaration Order Preservation). If $\Gamma \longrightarrow \Delta$ and $u$ and $v$ are both declared in $\Gamma$ and $u$ is declared to the left of $v$ in $\Delta$, then $u$ is declared to the left of $v$ in $\Gamma$.

An older paper had a lemma

“Substitution Extension Invariance”

If $\Theta \vdash A\ \mathrm{type}$ and $\Theta \longrightarrow \Gamma$ then $[\Gamma]A = [\Gamma]([\Theta]A)$ and $[\Gamma]A = [\Theta]([\Gamma]A)$.

For the second part, $[\Gamma]A = [\Theta]([\Gamma]A)$, use Lemma 29 (Substitution Monotonicity) (i) or (iii) instead. The first part $[\Gamma]A = [\Gamma][\Theta]A$ hasn’t been proved in this system.

Lemma 22 (Extension Inversion).

(i) If $\mathcal{D} :: \Gamma_0, \alpha{:}\kappa, \Gamma_1 \longrightarrow \Delta$ then there exist unique $\Delta_0$ and $\Delta_1$ such that $\Delta = (\Delta_0, \alpha{:}\kappa, \Delta_1)$ and $\mathcal{D}' :: \Gamma_0 \longrightarrow \Delta_0$ where $\mathcal{D}' < \mathcal{D}$. Moreover, if $\Gamma_1$ is soft, then $\Delta_1$ is soft.

(ii) If $\mathcal{D} :: \Gamma_0, \blacktriangleright u, \Gamma_1 \longrightarrow \Delta$ then there exist unique $\Delta_0$ and $\Delta_1$ such that $\Delta = (\Delta_0, \blacktriangleright u, \Delta_1)$ and $\mathcal{D}' :: \Gamma_0 \longrightarrow \Delta_0$ where $\mathcal{D}' < \mathcal{D}$. Moreover, if $\Gamma_1$ is soft, then $\Delta_1$ is soft. Moreover, if $\mathrm{dom}(\Gamma_0, \blacktriangleright u, \Gamma_1) = \mathrm{dom}(\Delta)$ then $\mathrm{dom}(\Gamma_0) = \mathrm{dom}(\Delta_0)$.

(iii) If $\mathcal{D} :: \Gamma_0, \alpha = \tau, \Gamma_1 \longrightarrow \Delta$ then there exist unique $\Delta_0$, $\tau'$, and $\Delta_1$ such that $\Delta = (\Delta_0, \alpha = \tau', \Delta_1)$ and $\mathcal{D}' :: \Gamma_0 \longrightarrow \Delta_0$ and $[\Delta_0]\tau = [\Delta_0]\tau'$ where $\mathcal{D}' < \mathcal{D}$.

(iv) If $\mathcal{D} :: \Gamma_0, \hat\alpha{:}\kappa = \tau, \Gamma_1 \longrightarrow \Delta$ then there exist unique $\Delta_0$, $\tau'$, and $\Delta_1$ such that $\Delta = (\Delta_0, \hat\alpha{:}\kappa = \tau', \Delta_1)$ and $\mathcal{D}' :: \Gamma_0 \longrightarrow \Delta_0$ and $[\Delta_0]\tau = [\Delta_0]\tau'$ where $\mathcal{D}' < \mathcal{D}$.

(v) If $\mathcal{D} :: \Gamma_0, x : A, \Gamma_1 \longrightarrow \Delta$ then there exist unique $\Delta_0$, $A'$, and $\Delta_1$ such that $\Delta = (\Delta_0, x : A', \Delta_1)$ and $\mathcal{D}' :: \Gamma_0 \longrightarrow \Delta_0$ and $[\Delta_0]A = [\Delta_0]A'$ where $\mathcal{D}' < \mathcal{D}$. Moreover, if $\Gamma_1$ is soft, then $\Delta_1$ is soft. Moreover, if $\mathrm{dom}(\Gamma_0, x : A, \Gamma_1) = \mathrm{dom}(\Delta)$ then $\mathrm{dom}(\Gamma_0) = \mathrm{dom}(\Delta_0)$.

(vi) If $\mathcal{D} :: \Gamma_0, \hat\alpha{:}\kappa, \Gamma_1 \longrightarrow \Delta$ then either

• there exist unique $\Delta_0$, $\tau'$, and $\Delta_1$ such that $\Delta = (\Delta_0, \hat\alpha{:}\kappa = \tau', \Delta_1)$ and $\mathcal{D}' :: \Gamma_0 \longrightarrow \Delta_0$ where $\mathcal{D}' < \mathcal{D}$, or

• there exist unique $\Delta_0$ and $\Delta_1$ such that $\Delta = (\Delta_0, \hat\alpha{:}\kappa, \Delta_1)$ and $\mathcal{D}' :: \Gamma_0 \longrightarrow \Delta_0$ where $\mathcal{D}' < \mathcal{D}$.

Lemma 23 (Deep Evar Introduction).

(i) If $\Gamma_0, \Gamma_1$ is well-formed and $\hat\alpha$ is not declared in $\Gamma_0, \Gamma_1$ then $\Gamma_0, \Gamma_1 \longrightarrow \Gamma_0, \hat\alpha{:}\kappa, \Gamma_1$.

(ii) If $\Gamma_0, \hat\alpha{:}\kappa, \Gamma_1$ is well-formed and $\Gamma_0 \vdash t : \kappa$ then $\Gamma_0, \hat\alpha{:}\kappa, \Gamma_1 \longrightarrow \Gamma_0, \hat\alpha{:}\kappa = t, \Gamma_1$.

(iii) If $\Gamma_0, \Gamma_1$ is well-formed and $\Gamma_0 \vdash t : \kappa$ then $\Gamma_0, \Gamma_1 \longrightarrow \Gamma_0, \hat\alpha{:}\kappa = t, \Gamma_1$.

Lemma 24 (Soft Extension).
If $\Gamma \longrightarrow \Delta$ and $\Gamma, \Theta\ \mathrm{ctx}$ and $\Theta$ is soft, then there exists $\Omega$ such that $\mathrm{dom}(\Theta) = \mathrm{dom}(\Omega)$ and $\Gamma, \Theta$
Definition 2 (Filling). The filling of a context $|\Gamma|$ solves all unsolved variables:

$|\cdot| = \cdot$
$|\Gamma, x : A| = |\Gamma|, x : A$
$|\Gamma, \alpha{:}\kappa| = |\Gamma|, \alpha{:}\kappa$
$|\Gamma, \alpha = t| = |\Gamma|, \alpha = t$
$|\Gamma, \hat\alpha{:}\kappa = t| = |\Gamma|, \hat\alpha{:}\kappa = t$
$|\Gamma, \blacktriangleright\hat\alpha| = |\Gamma|, \blacktriangleright\hat\alpha$
$|\Gamma, \hat\alpha{:}\star| = |\Gamma|, \hat\alpha{:}\star = 1$
$|\Gamma, \hat\alpha{:}\mathbb{N}| = |\Gamma|, \hat\alpha{:}\mathbb{N} = \mathrm{zero}$

Lemma 25 (Filling Completes). If $\Gamma \longrightarrow \Omega$ and $(\Gamma, \Theta)$ is well-formed, then $\Gamma, \Theta \longrightarrow \Omega, |\Theta|$.

Proof. By induction on $\Theta$, following the definition of $|{-}|$ and applying the rules for $\longrightarrow$. □

Lemma 26 (Parallel Admissibility).
If $\Gamma_L \longrightarrow \Delta_L$ and $\Gamma_L, \Gamma_R \longrightarrow \Delta_L, \Delta_R$ then:

(i) $\Gamma_L, \hat\alpha{:}\kappa, \Gamma_R \longrightarrow \Delta_L, \hat\alpha{:}\kappa, \Delta_R$

(ii) If $\Delta_L \vdash \tau' : \kappa$ then $\Gamma_L, \hat\alpha{:}\kappa, \Gamma_R \longrightarrow \Delta_L, \hat\alpha{:}\kappa = \tau', \Delta_R$.

(iii) If $\Gamma_L \vdash \tau : \kappa$ and $\Delta_L \vdash \tau'\ \mathrm{type}$ and $[\Delta_L]\tau = [\Delta_L]\tau'$, then $\Gamma_L, \hat\alpha{:}\kappa = \tau, \Gamma_R \longrightarrow \Delta_L, \hat\alpha{:}\kappa = \tau', \Delta_R$.
Lemma 27 (Parallel Extension Solution).
If $\Gamma_L, \hat\alpha{:}\kappa, \Gamma_R \longrightarrow \Delta_L, \hat\alpha{:}\kappa = \tau', \Delta_R$ and $\Gamma_L \vdash \tau : \kappa$ and $[\Delta_L]\tau = [\Delta_L]\tau'$ then $\Gamma_L, \hat\alpha{:}\kappa = \tau, \Gamma_R \longrightarrow \Delta_L, \hat\alpha{:}\kappa = \tau', \Delta_R$.

Lemma 28 (Parallel Variable Update).
If $\Gamma_L, \hat\alpha{:}\kappa, \Gamma_R \longrightarrow \Delta_L, \hat\alpha{:}\kappa = \tau_0, \Delta_R$ and $\Gamma_L \vdash \tau_1 : \kappa$ and $\Delta_L \vdash \tau_2 : \kappa$ and $[\Delta_L]\tau_0 = [\Delta_L]\tau_1 = [\Delta_L]\tau_2$ then $\Gamma_L, \hat\alpha{:}\kappa = \tau_1, \Gamma_R \longrightarrow \Delta_L, \hat\alpha{:}\kappa = \tau_2, \Delta_R$.

Lemma 29 (Substitution Monotonicity).

(i) If $\Gamma \longrightarrow \Delta$ and $\Gamma \vdash t : \kappa$ then $[\Delta][\Gamma]t = [\Delta]t$.

(ii) If $\Gamma \longrightarrow \Delta$ and $\Gamma \vdash P\ \mathrm{prop}$ then $[\Delta][\Gamma]P = [\Delta]P$.

(iii) If $\Gamma \longrightarrow \Delta$ and $\Gamma \vdash A\ \mathrm{type}$ then $[\Delta][\Gamma]A = [\Delta]A$.

Lemma 30 (Substitution Invariance).

(i) If $\Gamma \longrightarrow \Delta$ and $\Gamma \vdash t : \kappa$ and $\mathrm{FEV}([\Gamma]t) = \emptyset$ then $[\Delta][\Gamma]t = [\Gamma]t$.

(ii) If $\Gamma \longrightarrow \Delta$ and $\Gamma \vdash P\ \mathrm{prop}$ and $\mathrm{FEV}([\Gamma]P) = \emptyset$ then $[\Delta][\Gamma]P = [\Gamma]P$.

(iii) If $\Gamma \longrightarrow \Delta$ and $\Gamma \vdash A\ \mathrm{type}$ and $\mathrm{FEV}([\Gamma]A) = \emptyset$ then $[\Delta][\Gamma]A = [\Gamma]A$.

Definition 3 (Canonical Contexts). A (complete) context $\Omega$ is canonical iff, for all $(\hat\alpha{:}\kappa = t)$ and $(\alpha = t) \in \Omega$, the solution $t$ is ground ($\mathrm{FEV}(t) = \emptyset$).

Lemma 31 (Split Extension).
If $\Delta \longrightarrow \Omega$ and $\hat\alpha \in \mathrm{unsolved}(\Delta)$ and $\Omega = \Omega_1[\hat\alpha{:}\kappa = t_1]$ and $\Omega$ is canonical (Definition 3) and $\Omega_1 \vdash t_2 : \kappa$ then $\Delta \longrightarrow \Omega_1[\hat\alpha{:}\kappa = t_2]$.
C.1 Reflexivity and Transitivity

Lemma 32 (Extension Reflexivity). If $\Gamma\ \mathrm{ctx}$ then $\Gamma \longrightarrow \Gamma$.

Lemma 33 (Extension Transitivity). If $\mathcal{D} :: \Gamma \longrightarrow \Theta$ and $\mathcal{D}' :: \Theta \longrightarrow \Delta$ then $\Gamma \longrightarrow \Delta$.

C.2 Weakening

The “suffix weakening” lemmas take a judgment under $\Gamma$ and produce a judgment under $(\Gamma, \Theta)$. They do not require $\Gamma \longrightarrow \Gamma, \Theta$.

Lemma 34 (Suffix Weakening). If $\Gamma \vdash t : \kappa$ then $\Gamma, \Theta \vdash t : \kappa$.

Lemma 35 (Suffix Weakening). If $\Gamma \vdash A\ \mathrm{type}$ then $\Gamma, \Theta \vdash A\ \mathrm{type}$.

The following proposed lemma is false.

“Extension Weakening (Truth)”

If $\Gamma \vdash P\ \mathrm{true} \dashv \Delta$ and $\Gamma \longrightarrow \Gamma'$ then there exists $\Delta'$ such that $\Delta \longrightarrow \Delta'$ and $\Gamma' \vdash P\ \mathrm{true} \dashv \Delta'$.

Counterexample: Suppose $\hat\alpha \vdash \hat\alpha = 1\ \mathrm{true} \dashv \hat\alpha = 1$ and $\hat\alpha \longrightarrow (\hat\alpha = (1 \to 1))$. Then there does not exist such a $\Delta'$.

Lemma 36 (Extension Weakening (Sorts)). If $\Gamma \vdash t : \kappa$ and $\Gamma \longrightarrow \Delta$ then $\Delta \vdash t : \kappa$.

Lemma 37 (Extension Weakening (Props)). If $\Gamma \vdash P\ \mathrm{prop}$ and $\Gamma \longrightarrow \Delta$ then $\Delta \vdash P\ \mathrm{prop}$.

Lemma 38 (Extension Weakening (Types)). If $\Gamma \vdash A\ \mathrm{type}$ and $\Gamma \longrightarrow \Delta$ then $\Delta \vdash A\ \mathrm{type}$.
C.3 Principal Typing Properties

Lemma 39 (Principal Agreement).

(i) If $\Gamma \vdash A\ !\ \mathrm{type}$ and $\Gamma \longrightarrow \Delta$ then $[\Delta]A = [\Gamma]A$.

(ii) If $\Gamma \vdash P\ \mathrm{prop}$ and $\mathrm{FEV}(P) = \emptyset$ and $\Gamma \longrightarrow \Delta$ then $[\Delta]P = [\Gamma]P$.

Lemma 40 (Right-Hand Subst. for Principal Typing). If $\Gamma \vdash A\ p\ \mathrm{type}$ then $\Gamma \vdash [\Gamma]A\ p\ \mathrm{type}$.

Lemma 41 (Extension Weakening for Principal Typing). If $\Gamma \vdash A\ p\ \mathrm{type}$ and $\Gamma \longrightarrow \Delta$ then $\Delta \vdash A\ p\ \mathrm{type}$.

Lemma 42 (Inversion of Principal Typing).

(1) If $\Gamma \vdash (A \to B)\ p\ \mathrm{type}$ then $\Gamma \vdash A\ p\ \mathrm{type}$ and $\Gamma \vdash B\ p\ \mathrm{type}$.

(2) If $\Gamma \vdash (P \supset A)\ p\ \mathrm{type}$ then $\Gamma \vdash P\ \mathrm{prop}$ and $\Gamma \vdash A\ p\ \mathrm{type}$.

(3) If $\Gamma \vdash (A \wedge P)\ p\ \mathrm{type}$ then $\Gamma \vdash P\ \mathrm{prop}$ and $\Gamma \vdash A\ p\ \mathrm{type}$.

C.4 Instantiation Extends

Lemma 43 (Instantiation Extension). If $\Gamma \vdash \hat\alpha := t : \kappa \dashv \Delta$ then $\Gamma \longrightarrow \Delta$.

C.5 Equivalence Extends

Lemma 44 (Elimeq Extension). If $\Gamma / \sigma \doteq t : \kappa \dashv \Delta$ then there exists $\Theta$ such that $\Gamma, \Theta$

Lemma 45 (Elimprop Extension). If $\Gamma / P \dashv \Delta$ then there exists $\Theta$ such that $\Gamma, \Theta$

Lemma 46 (Checkeq Extension). If $\Gamma \vdash A \doteq B \dashv \Delta$ then $\Gamma \longrightarrow \Delta$.

Lemma 47 (Checkprop Extension). If $\Gamma \vdash P\ \mathrm{true} \dashv \Delta$ then $\Gamma \longrightarrow \Delta$.

Lemma 48 (Prop Equivalence Extension). If $\Gamma \vdash P \equiv Q \dashv \Delta$ then $\Gamma \longrightarrow \Delta$.

Lemma 49 (Equivalence Extension). If $\Gamma \vdash A \equiv B \dashv \Delta$ then $\Gamma \longrightarrow \Delta$.

C.6 Subtyping Extends

Lemma 50 (Subtyping Extension). If $\Gamma \vdash A <:^{\pm} B \dashv \Delta$ then $\Gamma \longrightarrow \Delta$.

C.7 Typing Extends

Lemma 51 (Typing Extension).

If $\Gamma \vdash e \Leftarrow A\ p \dashv \Delta$
or $\Gamma \vdash e \Rightarrow A\ p \dashv \Delta$
or $\Gamma \vdash s : A\ p \gg B\ q \dashv \Delta$
or $\Gamma \vdash \Pi :: \vec{A} \Leftarrow C\ p \dashv \Delta$
or $\Gamma / P \vdash \Pi :: \vec{A} \Leftarrow C\ p \dashv \Delta$
then $\Gamma \longrightarrow \Delta$.
C.8 Unfiled

Lemma 52 (Context Partitioning). If $\Delta, \blacktriangleright\hat\alpha, \Theta \longrightarrow \Omega, \blacktriangleright\hat\alpha, \Omega_Z$ then there is a $\Psi$ such that $[\Omega, \blacktriangleright\hat\alpha, \Omega_Z](\Delta, \blacktriangleright\hat\alpha, \Theta) = [\Omega]\Delta, \Psi$.

Lemma 53 (Softness Goes Away). If $\Delta, \Theta \longrightarrow \Omega, \Omega_Z$ where $\Delta \longrightarrow \Omega$ and $\Theta$ is soft, then $[\Omega, \Omega_Z](\Delta, \Theta) = [\Omega]\Delta$.

Proof. By induction on $\Theta$, following the definition of $[\Omega]\Gamma$. □

Lemma 54 (Completing Stability). If $\Gamma \longrightarrow \Omega$ then $[\Omega]\Gamma = [\Omega]\Omega$.

Lemma 55 (Completing Completeness).

(i) If $\Omega \longrightarrow \Omega'$ and $\Omega \vdash t : \kappa$ then $[\Omega]t = [\Omega']t$.

(ii) If $\Omega \longrightarrow \Omega'$ and $\Omega \vdash A\ \mathrm{type}$ then $[\Omega]A = [\Omega']A$.

(iii) If $\Omega \longrightarrow \Omega'$ then $[\Omega]\Omega = [\Omega']\Omega'$.

Lemma 56 (Confluence of Completeness). If $\Delta_1 \longrightarrow \Omega$ and $\Delta_2 \longrightarrow \Omega$ then $[\Omega]\Delta_1 = [\Omega]\Delta_2$.

Lemma 57 (Multiple Confluence). If $\Delta \longrightarrow \Omega$ and $\Omega \longrightarrow \Omega'$ and $\Delta' \longrightarrow \Omega'$ then $[\Omega]\Delta = [\Omega']\Delta'$.

Lemma 58 (Bundled Substitution for Sorting). If $\Gamma \vdash t : \kappa$ and $\Gamma \longrightarrow \Omega$ then $[\Omega]\Gamma \vdash [\Omega]t : \kappa$.

Proof.

$\Gamma \vdash t : \kappa$    Given
$\Omega \vdash t : \kappa$    By Lemma 36 (Extension Weakening (Sorts))
$[\Omega]\Omega \vdash [\Omega]t : \kappa$
$\Omega \longrightarrow \Omega$    By Lemma 32 (Extension Reflexivity)
$[\Omega]\Omega = [\Omega]\Gamma$    By Lemma 56 (Confluence of Completeness)
$[\Omega]\Gamma \vdash [\Omega]t : \kappa$

□

Lemma 59 (Canonical Completion).
If $\Gamma \longrightarrow \Omega$ then there exists $\Omega_{\mathit{canon}}$ such that $\Gamma \longrightarrow \Omega_{\mathit{canon}}$ and $\Omega_{\mathit{canon}} \longrightarrow \Omega$ and $\mathrm{dom}(\Omega_{\mathit{canon}}) = \mathrm{dom}(\Gamma)$ and, for all $\hat\alpha{:}\kappa = \tau$ and $\alpha = \tau$ in $\Omega_{\mathit{canon}}$, we have $\mathrm{FEV}(\tau) = \emptyset$.

The completion $\Omega_{\mathit{canon}}$ is “canonical” because (1) its domain exactly matches $\Gamma$ and (2) its solutions $\tau$ have no evars. Note that it follows from Lemma 57 (Multiple Confluence) that $[\Omega_{\mathit{canon}}]\Gamma = [\Omega]\Gamma$.

Lemma 60 (Split Solutions).
If $\Delta \longrightarrow \Omega$ and $\hat\alpha \in \mathrm{unsolved}(\Delta)$ then there exists $\Omega_1 = \Omega_1'[\hat\alpha{:}\kappa = t_1]$ such that $\Omega_1 \longrightarrow \Omega$ and $\Omega_2 = \Omega_1'[\hat\alpha{:}\kappa = t_2]$ where $\Delta \longrightarrow \Omega_2$ and $t_2 \ne t_1$ and $\Omega_2$ is canonical.
D Internal Properties of the Declarative System

Lemma 61 (Interpolating With and Exists).

(1) If $\mathcal{D} :: \Psi \vdash \Pi :: \vec{A} \Leftarrow C\ p$ and $\Psi \vdash P_0\ \mathrm{true}$ then $\mathcal{D}' :: \Psi \vdash \Pi :: \vec{A} \Leftarrow C \wedge P_0\ p$.

(2) If $\mathcal{D} :: \Psi \vdash \Pi :: \vec{A} \Leftarrow [\tau/\alpha]C_0\ p$ and $\Psi \vdash \tau : \kappa$ then $\mathcal{D}' :: \Psi \vdash \Pi :: \vec{A} \Leftarrow (\exists\alpha{:}\kappa.\, C_0)\ p$.

In both cases, the height of $\mathcal{D}'$ is one greater than the height of $\mathcal{D}$.

Moreover, similar properties hold for the eliminating judgments $\Psi / P \vdash \Pi :: \vec{A} \Leftarrow C\ p$.

Lemma 62 (Case Invertibility).
If $\Psi \vdash \mathsf{case}(e_0, \Pi) \Leftarrow C\ p$ then $\Psi \vdash e_0 \Rightarrow A\ !$ and $\Psi \vdash \Pi :: A \Leftarrow C\ p$ and $\Psi \vdash \Pi\ \mathrm{covers}\ A$, where the height of each resulting derivation is strictly less than the height of the given derivation.

E Miscellaneous Properties of the Algorithmic System

Lemma 63 (Well-Formed Outputs of Typing).

(Spines) If $\Gamma \vdash s : A\ q \gg C\ p \dashv \Delta$ or $\Gamma \vdash s : A\ q \gg C\ [p] \dashv \Delta$ and $\Gamma \vdash A\ q\ \mathrm{type}$ then $\Delta \vdash C\ p\ \mathrm{type}$.

(Synthesis) If $\Gamma \vdash e \Rightarrow A\ p \dashv \Delta$ then $\Delta \vdash A\ p\ \mathrm{type}$.

F Decidability of Instantiation

Lemma 64 (Left Unsolvedness Preservation). If $\Gamma_0, \hat\alpha, \Gamma_1 \vdash \hat\alpha := A : \kappa \dashv \Delta$ and $\hat\beta \in \mathrm{unsolved}(\Gamma_0)$ then $\hat\beta \in \mathrm{unsolved}(\Delta)$.

Lemma 65 (Left Free Variable Preservation). If $\Gamma_0, \hat\alpha{:}\kappa, \Gamma_1 \vdash \hat\alpha := t : \kappa \dashv \Delta$ and $\Gamma \vdash s : \kappa'$ and $\hat\alpha \notin \mathrm{FV}([\Gamma]s)$ and $\hat\beta \in \mathrm{unsolved}(\Gamma_0)$ and $\hat\beta \notin \mathrm{FV}([\Gamma]s)$, then $\hat\beta \notin \mathrm{FV}([\Delta]s)$.

Lemma 66 (Instantiation Size Preservation). If $\Gamma_0, \hat\alpha, \Gamma_1 \vdash \hat\alpha := t : \kappa \dashv \Delta$ and $\Gamma \vdash s : \kappa'$ and $\hat\alpha \notin \mathrm{FV}([\Gamma]s)$, then $|[\Gamma]s| = |[\Delta]s|$, where $|C|$ is the plain size of the term $C$.

Lemma 67 (Decidability of Instantiation). If $\Gamma = \Gamma_0[\hat\alpha{:}\kappa']$ and $\Gamma \vdash t : \kappa$ such that $[\Gamma]t = t$ and $\hat\alpha \notin \mathrm{FV}(t)$, then:

(1) Either there exists $\Delta$ such that $\Gamma_0[\hat\alpha{:}\kappa'] \vdash \hat\alpha := t : \kappa \dashv \Delta$, or not.
G Separation

Definition 4 (Separation).

An algorithmic context $\Gamma$ is separable and written $\Gamma_L * \Gamma_R$ if (1) $\Gamma = (\Gamma_L, \Gamma_R)$ and (2) for all $(\hat\alpha{:}\kappa = t) \in \Gamma_R$ it is the case that $\mathrm{FEV}(t) \subseteq \mathrm{dom}(\Gamma_R)$.

Any context $\Gamma$ is separable into, at least, $\cdot * \Gamma$ and $\Gamma * \cdot$.

Definition 5 (Separation-Preserving Extension).

The separated context $\Gamma_L * \Gamma_R$ extends to $\Delta_L * \Delta_R$, written

$(\Gamma_L * \Gamma_R) \xrightarrow{*} (\Delta_L * \Delta_R)$

if $(\Gamma_L, \Gamma_R) \longrightarrow (\Delta_L, \Delta_R)$ and $\mathrm{dom}(\Gamma_L) \subseteq \mathrm{dom}(\Delta_L)$ and $\mathrm{dom}(\Gamma_R) \subseteq \mathrm{dom}(\Delta_R)$.

Separation-preserving extension says that variables from one half don’t “cross” into the other half. Thus, $\Delta_L$ may add existential variables to $\Gamma_L$, and $\Delta_R$ may add existential variables to $\Gamma_R$, but no variable from $\Gamma_L$ ends up in $\Delta_R$ and no variable from $\Gamma_R$ ends up in $\Delta_L$.

It is necessary to write $(\Gamma_L * \Gamma_R) \xrightarrow{*} (\Delta_L * \Delta_R)$ rather than $(\Gamma_L * \Gamma_R) \longrightarrow (\Delta_L * \Delta_R)$, because only $\xrightarrow{*}$ includes the domain conditions. For example, $(\hat\alpha * \hat\beta) \longrightarrow (\hat\alpha, \hat\beta = \hat\alpha) * \cdot$, but the variable $\hat\beta$ has “crossed over” to the left of $*$ in the context $(\hat\alpha, \hat\beta = \hat\alpha) * \cdot$.
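As an added illustration of Definition 2 (Filling) and of Definitions 4 and 5 (Separation), the following Python model of algorithmic contexts is not the paper's own code: it assumes a tuple encoding of contexts and monotypes, implements `filling`, context substitution `[Γ]t`, and the separability and domain conditions, and replays the $(\hat\alpha * \hat\beta) \longrightarrow (\hat\alpha, \hat\beta = \hat\alpha) * \cdot$ example above.

```python
from typing import List, Set

# Constructed, simplified encoding of the paper's algorithmic contexts and
# monotypes (an assumed representation for illustration, not the paper's own).
# Terms:  ('uvar', a) | ('evar', a) | ('unit',) | ('zero',) | ('succ', t)
#         | ('arrow', A, B) | ('vec', n, A)
# Context entries:
#   ('uvar', a, k)        a : k          universal variable
#   ('ueq', a, t)         a = t          equated universal variable
#   ('evar', a, k, None)  a^ : k         unsolved existential variable
#   ('evar', a, k, t)     a^ : k = t     solved existential variable
#   ('marker', a)         >a^            marker
#   ('var', x, A)         x : A          term variable
Term = tuple
Entry = tuple
Context = List[Entry]


def dom(ctx: Context) -> Set[str]:
    """dom(G): every name the context declares (each entry carries its name at index 1)."""
    return {e[1] for e in ctx}


def unsolved(ctx: Context) -> Set[str]:
    """unsolved(G): existential variables declared without a solution."""
    return {e[1] for e in ctx if e[0] == 'evar' and e[3] is None}


def fev(t: Term) -> Set[str]:
    """FEV(t): free existential variables of a term."""
    if t[0] == 'evar':
        return {t[1]}
    return set().union(*(fev(s) for s in t[1:] if isinstance(s, tuple)))


def subst(ctx: Context, t: Term) -> Term:
    """[G]t: replace each solved a^ : k = tau and each equated a = tau by tau,
    recursively, so the result mentions only variables that G leaves unsolved."""
    sols = {}
    for e in ctx:
        if e[0] == 'evar' and e[3] is not None:
            sols[('evar', e[1])] = e[3]
        elif e[0] == 'ueq':
            sols[('uvar', e[1])] = e[2]

    def go(u: Term) -> Term:
        if u[0] in ('evar', 'uvar'):
            return go(sols[u]) if u in sols else u
        return (u[0],) + tuple(go(s) if isinstance(s, tuple) else s for s in u[1:])

    return go(t)


def filling(ctx: Context) -> Context:
    """|G| (Definition 2): keep every entry, but solve a^ : * with 1 (unit)
    and a^ : N with zero, so that nothing is left unsolved."""
    out: Context = []
    for e in ctx:
        if e[0] == 'evar' and e[3] is None:
            default = ('unit',) if e[2] == '*' else ('zero',)
            out.append(('evar', e[1], e[2], default))
        else:
            out.append(e)
    return out


def is_separable(left: Context, right: Context) -> bool:
    """G_L * G_R (Definition 4): every solution recorded in the right half
    may mention only existential variables declared in the right half."""
    right_dom = dom(right)
    return all(fev(e[3]) <= right_dom
               for e in right if e[0] == 'evar' and e[3] is not None)


def domain_conditions(gl: Context, gr: Context, dl: Context, dr: Context) -> bool:
    """The domain side-conditions of Definition 5 on top of separability:
    dom(G_L) <= dom(D_L) and dom(G_R) <= dom(D_R).  The underlying
    extension judgment G --> D itself is not re-derived here."""
    return (is_separable(gl, gr) and is_separable(dl, dr)
            and dom(gl) <= dom(dl) and dom(gr) <= dom(dr))


if __name__ == "__main__":
    # The page's example: (a^ * b^) --> (a^, b^ = a^) * .  is an extension,
    # but b^ "crosses over" to the left half, so the domain condition fails.
    gl, gr = [('evar', 'a^', '*', None)], [('evar', 'b^', '*', None)]
    dl = [('evar', 'a^', '*', None), ('evar', 'b^', '*', ('evar', 'a^'))]
    print(domain_conditions(gl, gr, dl, []))            # False
    # Splitting (a^, b^ = a^) as a^ * (b^ = a^) is not even separable:
    print(is_separable(dl[:1], dl[1:]))                 # False
    # Filling solves every evar, so [|G|] of a G-well-formed type is ground.
    g = [('uvar', 'n', 'N'), ('evar', 'm^', 'N', None), ('evar', 'c^', '*', None)]
    print(subst(filling(g), ('vec', ('evar', 'm^'), ('evar', 'c^'))))
```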


Lemma 68 (Transitivity of Separation).
If $(\Gamma_L * \Gamma_R) \xrightarrow{*} (\Theta_L * \Theta_R)$ and $(\Theta_L * \Theta_R) \xrightarrow{*} (\Delta_L * \Delta_R)$ then $(\Gamma_L * \Gamma_R) \xrightarrow{*} (\Delta_L * \Delta_R)$.

Lemma 69 (Separation Truncation).
If $H$ has the form $\alpha{:}\kappa$ or $\blacktriangleright\hat\alpha$ or $\blacktriangleright_P$ or $x : A\ p$
and $(\Gamma_L * (\Gamma_R, H)) \xrightarrow{*} (\Delta_L * \Delta_R)$
then $(\Gamma_L * \Gamma_R) \xrightarrow{*} (\Delta_L * \Delta_0)$ where $\Delta_R = (\Delta_0, H, \Theta)$.

Lemma 70 (Separation for Auxiliary Judgments).

(i) If $\Gamma_L * \Gamma_R \vdash \sigma \doteq \tau : \kappa \dashv \Delta$ and $\mathrm{FEV}(\sigma) \cup \mathrm{FEV}(\tau) \subseteq \mathrm{dom}(\Gamma_R)$ then $\Delta = (\Delta_L * \Delta_R)$ and $(\Gamma_L * \Gamma_R) \xrightarrow{*} (\Delta_L * \Delta_R)$.

(ii) If $\Gamma_L * \Gamma_R \vdash P\ \mathrm{true} \dashv \Delta$ and $\mathrm{FEV}(P) \subseteq \mathrm{dom}(\Gamma_R)$ then $\Delta = (\Delta_L * \Delta_R)$ and $(\Gamma_L * \Gamma_R) \xrightarrow{*} (\Delta_L * \Delta_R)$.

(iii) If $\Gamma_L * \Gamma_R / \sigma \doteq \tau : \kappa \dashv \Delta$ and $\mathrm{FEV}(\sigma) \cup \mathrm{FEV}(\tau) = \emptyset$ then $\Delta = (\Delta_L * (\Delta_R, \Theta))$ and $(\Gamma_L * (\Gamma_R, \Theta)) \xrightarrow{*} (\Delta_L * \Delta_R)$.

(iv) If $\Gamma_L * \Gamma_R / P \dashv \Delta$ and $\mathrm{FEV}(P) = \emptyset$ then $\Delta = (\Delta_L * (\Delta_R, \Theta))$ and $(\Gamma_L * (\Gamma_R, \Theta)) \xrightarrow{*} (\Delta_L * \Delta_R)$.

(v) If $\Gamma_L * \Gamma_R \vdash \hat\alpha := \tau : \kappa \dashv \Delta$ and $(\mathrm{FEV}(\tau) \cup \{\hat\alpha\}) \subseteq \mathrm{dom}(\Gamma_R)$ then $\Delta = (\Delta_L * \Delta_R)$ and $(\Gamma_L * \Gamma_R) \xrightarrow{*} (\Delta_L * \Delta_R)$.

(vi) If $\Gamma_L * \Gamma_R \vdash P \equiv Q \dashv \Delta$ and $\mathrm{FEV}(P) \cup \mathrm{FEV}(Q) \subseteq \mathrm{dom}(\Gamma_R)$ then $\Delta = (\Delta_L * \Delta_R)$ and $(\Gamma_L * \Gamma_R) \xrightarrow{*} (\Delta_L * \Delta_R)$.

(vii) If $\Gamma_L * \Gamma_R \vdash A \equiv B \dashv \Delta$ and $\mathrm{FEV}(A) \cup \mathrm{FEV}(B) \subseteq \mathrm{dom}(\Gamma_R)$ then $\Delta = (\Delta_L * \Delta_R)$ and $(\Gamma_L * \Gamma_R) \xrightarrow{*} (\Delta_L * \Delta_R)$.

Lemma 71 (Separation for Subtyping).
If $\Gamma_L * \Gamma_R \vdash A <:^{\pm} B \dashv \Delta$ and $\mathrm{FEV}(A) \subseteq \mathrm{dom}(\Gamma_R)$ and $\mathrm{FEV}(B) \subseteq \mathrm{dom}(\Gamma_R)$ then $\Delta = (\Delta_L * \Delta_R)$ and $(\Gamma_L * \Gamma_R) \xrightarrow{*} (\Delta_L * \Delta_R)$.

Lemma 72 (Separation — Main).

(Spines) If $\Gamma_L * \Gamma_R \vdash s : A\ p \gg C\ q \dashv \Delta$ or $\Gamma_L * \Gamma_R \vdash s : A\ p \gg C\ [q] \dashv \Delta$ and $\Gamma_L * \Gamma_R \vdash A\ p\ \mathrm{type}$ and $\mathrm{FEV}(A) \subseteq \mathrm{dom}(\Gamma_R)$ then $\Delta = (\Delta_L * \Delta_R)$ and $(\Gamma_L * \Gamma_R) \xrightarrow{*} (\Delta_L * \Delta_R)$ and $\mathrm{FEV}(C) \subseteq \mathrm{dom}(\Delta_R)$.

(Checking) If $\Gamma_L * \Gamma_R \vdash e \Leftarrow C\ p \dashv \Delta$ and $\Gamma_L * \Gamma_R \vdash C\ p\ \mathrm{type}$ and $\mathrm{FEV}(C) \subseteq \mathrm{dom}(\Gamma_R)$ then $\Delta = (\Delta_L * \Delta_R)$ and $(\Gamma_L * \Gamma_R) \xrightarrow{*} (\Delta_L * \Delta_R)$.

(Synthesis) If $\Gamma_L * \Gamma_R \vdash e \Rightarrow A\ p \dashv \Delta$ then $\Delta = (\Delta_L * \Delta_R)$ and $(\Gamma_L * \Gamma_R) \xrightarrow{*} (\Delta_L * \Delta_R)$.

(Match) If $\Gamma_L * \Gamma_R \vdash \Pi :: \vec{A} \Leftarrow C\ p \dashv \Delta$ and $\mathrm{FEV}(\vec{A}) = \emptyset$ and $\mathrm{FEV}(C) \subseteq \mathrm{dom}(\Gamma_R)$ then $\Delta = (\Delta_L * \Delta_R)$ and $(\Gamma_L * \Gamma_R) \xrightarrow{*} (\Delta_L * \Delta_R)$.

(Match Elim.) If $\Gamma_L * \Gamma_R / P \vdash \Pi :: \vec{A} \Leftarrow C\ p \dashv \Delta$ and $\mathrm{FEV}(P) = \emptyset$ and $\mathrm{FEV}(\vec{A}) = \emptyset$ and $\mathrm{FEV}(C) \subseteq \mathrm{dom}(\Gamma_R)$ then $\Delta = (\Delta_L * \Delta_R)$ and $(\Gamma_L * \Gamma_R) \xrightarrow{*} (\Delta_L * \Delta_R)$.

H Decidability of Algorithmic Subtyping

Definition 6. The following connectives are large:

$\forall \qquad \exists \qquad \supset \qquad \wedge$

A type is large iff its head connective is large. (Note that a non-large type may contain large connectives, provided they are not in head position.)

The number of these connectives in a type $A$ is denoted by $\#\mathrm{large}(A)$.

H.1 Lemmas for Decidability of Subtyping

Lemma 73 (Substitution Isn’t Large). For all contexts $\Omega$, we have $\#\mathrm{large}([\Omega]A) = \#\mathrm{large}(A)$.

Lemma 74 (Instantiation Solves). If $\Gamma \vdash \hat\alpha := \tau : \kappa \dashv \Delta$ and $[\Gamma]\tau = \tau$ and $\hat\alpha \notin \mathrm{FV}([\Gamma]\tau)$ then $|\mathrm{unsolved}(\Gamma)| = |\mathrm{unsolved}(\Delta)| + 1$.

Lemma 75 (Checkeq Solving). If $\Gamma \vdash s \doteq t : \kappa \dashv \Delta$ then either $\Delta = \Gamma$ or $|\mathrm{unsolved}(\Delta)| < |\mathrm{unsolved}(\Gamma)|$.

Lemma 76 (Prop Equiv Solving). If $\Gamma \vdash P \equiv Q \dashv \Delta$ then either $\Delta = \Gamma$ or $|\mathrm{unsolved}(\Delta)| < |\mathrm{unsolved}(\Gamma)|$.

Lemma 77 (Equiv Solving). If $\Gamma \vdash A \equiv B \dashv \Delta$ then either $\Delta = \Gamma$ or $|\mathrm{unsolved}(\Delta)| < |\mathrm{unsolved}(\Gamma)|$.

Lemma 78 (Decidability of Propositional Judgments).
The following judgments are decidable, with $\Delta$ as output in (1)–(3), and $\Delta^{\bot}$ as output in (4) and (5).

We assume $\sigma = [\Gamma]\sigma$ and $t = [\Gamma]t$ in (1) and (4). Similarly, in the other parts we assume $P = [\Gamma]P$ and (in part (3)) $Q = [\Gamma]Q$.

(1) $\Gamma \vdash \sigma \doteq t : \kappa \dashv \Delta$

(2) $\Gamma \vdash P\ \mathrm{true} \dashv \Delta$

(3) $\Gamma \vdash P \equiv Q \dashv \Delta$

(4) $\Gamma / \sigma \doteq t : \kappa \dashv \Delta^{\bot}$

(5) $\Gamma / P \dashv \Delta^{\bot}$

Lemma 79 (Decidability of Equivalence).
Given a context $\Gamma$ and types $A$, $B$ such that $\Gamma \vdash A\ \mathrm{type}$ and $\Gamma \vdash B\ \mathrm{type}$ and $[\Gamma]A = A$ and $[\Gamma]B = B$, it is decidable whether there exists $\Delta$ such that $\Gamma \vdash A \equiv B \dashv \Delta$.

H.2 Decidability of Subtyping

Theorem 1 (Decidability of Subtyping).
Given a context $\Gamma$ and types $A$, $B$ such that $\Gamma \vdash A\ \mathrm{type}$ and $\Gamma \vdash B\ \mathrm{type}$ and $[\Gamma]A = A$ and $[\Gamma]B = B$, it is decidable whether there exists $\Delta$ such that $\Gamma \vdash A <:^{\pm} B \dashv \Delta$.
H.3 Decidability of Matching and Coverage

Lemma 80 (Decidability of Expansion Judgments).
Given branches $\Pi$, it is decidable whether:

(1) there exists $\Pi'$ such that $\Pi \leadsto \Pi'$;

(2) there exist $\Pi_L$ and $\Pi_R$ such that $\Pi \leadsto \Pi_L \parallel \Pi_R$;

(3) there exists $\Pi'$ such that $\Pi \leadsto \Pi'$;

(4) there exists $\Pi'$ such that $\Pi \leadsto \Pi'$.

Theorem 2 (Decidability of Coverage).
Given a context $\Gamma$, branches $\Pi$ and types $\vec{A}$, it is decidable whether $\Gamma \vdash \Pi\ \mathrm{covers}\ \vec{A}$ is derivable.

H.4 Decidability of Typing

Theorem 3 (Decidability of Typing).

(i) Synthesis: Given a context $\Gamma$, a principality $p$, and a term $e$, it is decidable whether there exist a type $A$ and a context $\Delta$ such that $\Gamma \vdash e \Rightarrow A\ p \dashv \Delta$.

(ii) Spines: Given a context $\Gamma$, a spine $s$, a principality $p$, and a type $A$ such that $\Gamma \vdash A\ \mathrm{type}$, it is decidable whether there exist a type $B$, a principality $q$ and a context $\Delta$ such that $\Gamma \vdash s : A\ p \gg B\ q \dashv \Delta$.

(iii) Checking: Given a context $\Gamma$, a principality $p$, a term $e$, and a type $B$ such that $\Gamma \vdash B\ \mathrm{type}$, it is decidable whether there is a context $\Delta$ such that $\Gamma \vdash e \Leftarrow B\ p \dashv \Delta$.

(iv) Matching: Given a context $\Gamma$, branches $\Pi$, a list of types $\vec{A}$, a type $C$, and a principality $p$, it is decidable whether there exists $\Delta$ such that $\Gamma \vdash \Pi :: \vec{A} \Leftarrow C\ p \dashv \Delta$.

Also, if given a proposition $P$ as well, it is decidable whether there exists $\Delta$ such that $\Gamma / P \vdash \Pi :: \vec{A} \Leftarrow C\ p \dashv \Delta$.

I Determinacy

Lemma 81 (Determinacy of Auxiliary Judgments).

(1) Elimeq: Given $\Gamma$, $\sigma$, $t$, $\kappa$ such that $\mathrm{FEV}(\sigma) \cup \mathrm{FEV}(t) = \emptyset$ and $\mathcal{D}_1 :: \Gamma / \sigma \doteq t : \kappa \dashv \Delta_1^{\bot}$ and $\mathcal{D}_2 :: \Gamma / \sigma \doteq t : \kappa \dashv \Delta_2^{\bot}$, it is the case that $\Delta_1^{\bot} = \Delta_2^{\bot}$.

(2) Instantiation: Given $\Gamma$, $\hat\alpha$, $t$, $\kappa$ such that $\hat\alpha \in \mathrm{unsolved}(\Gamma)$ and $\Gamma \vdash t : \kappa$ and $\hat\alpha \notin \mathrm{FV}(t)$ and $\mathcal{D}_1 :: \Gamma \vdash \hat\alpha := t : \kappa \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash \hat\alpha := t : \kappa \dashv \Delta_2$, it is the case that $\Delta_1 = \Delta_2$.

(3) Symmetric instantiation: Given $\Gamma$, $\hat\alpha$, $\hat\beta$, $\kappa$ such that $\hat\alpha, \hat\beta \in \mathrm{unsolved}(\Gamma)$ and $\hat\alpha \ne \hat\beta$ and $\mathcal{D}_1 :: \Gamma \vdash \hat\alpha := \hat\beta : \kappa \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash \hat\beta := \hat\alpha : \kappa \dashv \Delta_2$, it is the case that $\Delta_1 = \Delta_2$.

(4) Checkeq: Given $\Gamma$, $\sigma$, $t$, $\kappa$ such that $\mathcal{D}_1 :: \Gamma \vdash \sigma \doteq t : \kappa \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash \sigma \doteq t : \kappa \dashv \Delta_2$, it is the case that $\Delta_1 = \Delta_2$.

(5) Elimprop: Given $\Gamma$, $P$ such that $\mathcal{D}_1 :: \Gamma / P \dashv \Delta_1^{\bot}$ and $\mathcal{D}_2 :: \Gamma / P \dashv \Delta_2^{\bot}$, it is the case that $\Delta_1 = \Delta_2$.

(6) Checkprop: Given $\Gamma$, $P$ such that $\mathcal{D}_1 :: \Gamma \vdash P\ \mathrm{true} \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash P\ \mathrm{true} \dashv \Delta_2$, it is the case that $\Delta_1 = \Delta_2$.

Lemma 82 (Determinacy of Equivalence).

(1) Propositional equivalence: Given $\Gamma$, $P$, $Q$ such that $\mathcal{D}_1 :: \Gamma \vdash P \equiv Q \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash P \equiv Q \dashv \Delta_2$, it is the case that $\Delta_1 = \Delta_2$.

(2) Type equivalence: Given $\Gamma$, $A$, $B$ such that $\mathcal{D}_1 :: \Gamma \vdash A \equiv B \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash A \equiv B \dashv \Delta_2$, it is the case that $\Delta_1 = \Delta_2$.

Theorem 4 (Determinacy of Subtyping).

(1) Subtyping: Given $\Gamma$, $e$, $A$, $B$ such that $\mathcal{D}_1 :: \Gamma \vdash A <:^{\pm} B \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash A <:^{\pm} B \dashv \Delta_2$, it is the case that $\Delta_1 = \Delta_2$.

Theorem 5 (Determinacy of Typing).

(1) Checking: Given $\Gamma$, $e$, $A$, $p$ such that $\mathcal{D}_1 :: \Gamma \vdash e \Leftarrow A\ p \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash e \Leftarrow A\ p \dashv \Delta_2$, it is the case that $\Delta_1 = \Delta_2$.

(2) Synthesis: Given $\Gamma$, $e$ such that $\mathcal{D}_1 :: \Gamma \vdash e \Rightarrow B_1\ p_1 \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash e \Rightarrow B_2\ p_2 \dashv \Delta_2$, it is the case that $B_1 = B_2$ and $p_1 = p_2$ and $\Delta_1 = \Delta_2$.

(3) Spine judgments: Given $\Gamma$, $e$, $A$, $p$ such that $\mathcal{D}_1 :: \Gamma \vdash e : A\ p \gg C_1\ q_1 \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash e : A\ p \gg C_2\ q_2 \dashv \Delta_2$, it is the case that $C_1 = C_2$ and $q_1 = q_2$ and $\Delta_1 = \Delta_2$.

The same applies for derivations of the principality-recovering judgments $\Gamma \vdash e : A\ p \gg C_k\ [q_k] \dashv \Delta_k$.

(4) Match judgments: Given $\Gamma$, $\Pi$, $\vec{A}$, $p$, $C$ such that $\mathcal{D}_1 :: \Gamma \vdash \Pi :: \vec{A} \Leftarrow C\ p \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash \Pi :: \vec{A} \Leftarrow C\ p \dashv \Delta_2$, it is the case that $\Delta_1 = \Delta_2$.

Given $\Gamma$, $P$, $\Pi$, $\vec{A}$, $p$, $C$ such that $\mathcal{D}_1 :: \Gamma / P \vdash \Pi :: \vec{A} \Leftarrow C\ p \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma / P \vdash \Pi :: \vec{A} \Leftarrow C\ p \dashv \Delta_2$, it is the case that $\Delta_1 = \Delta_2$.
J Soundness

J.1 Soundness of Instantiation

Lemma 83 (Soundness of Instantiation).
If $\Gamma \vdash \hat\alpha := t : \kappa \dashv \Delta$ and $\hat\alpha \notin \mathrm{FV}([\Gamma]t)$ and $[\Gamma]t = t$ and $\Delta \longrightarrow \Omega$ then $[\Omega]\hat\alpha = [\Omega]t$.

J.2 Soundness of Checkeq

Lemma 84 (Soundness of Checkeq).
If $\Gamma \vdash \sigma \doteq t : \kappa \dashv \Delta$ where $\Delta \longrightarrow \Omega$ then $[\Omega]\sigma = [\Omega]t$.

J.3 Soundness of Equivalence (Propositions and Types)

Lemma 85 (Soundness of Propositional Equivalence).
If $\Gamma \vdash P \equiv Q \dashv \Delta$ where $\Delta \longrightarrow \Omega$ then $[\Omega]P = [\Omega]Q$.

Lemma 86 (Soundness of Algorithmic Equivalence).
If $\Gamma \vdash A \equiv B \dashv \Delta$ where $\Delta \longrightarrow \Omega$ then $[\Omega]A = [\Omega]B$.

J.4 Soundness of Checkprop

Lemma 87 (Soundness of Checkprop).
If $\Gamma \vdash P\ \mathrm{true} \dashv \Delta$ and $\Delta \longrightarrow \Omega$ then $\Psi \vdash [\Omega]P\ \mathrm{true}$.

J.5 Soundness of Eliminations (Equality and Proposition)

Lemma 88 (Soundness of Equality Elimination).

If $[\Gamma]\sigma = \sigma$ and $[\Gamma]t = t$ and $\Gamma \vdash \sigma : \kappa$ and $\Gamma \vdash t : \kappa$ and $\mathrm{FEV}(\sigma) \cup \mathrm{FEV}(t) = \emptyset$, then:

(1) If $\Gamma / \sigma \doteq t : \kappa \dashv \Delta$ then $\Delta = (\Gamma, \Theta)$ where $\Theta = (\alpha_1 = t_1, \ldots, \alpha_n = t_n)$ and for all $\Omega$ such that $\Gamma \longrightarrow \Omega$ and all $t'$ such that $\Omega \vdash t' : \kappa'$, it is the case that $[\Omega, \Theta]t' = [\Omega]$ where $\theta = \mathrm{mgu}(\sigma, t)$.

(2) If $\Gamma / \sigma \doteq t : \kappa \dashv \bot$ then $\mathrm{mgu}(\sigma, t) = \bot$ (that is, no most general unifier exists).

J.6 Soundness of Subtyping

Theorem 6 (Soundness of Algorithmic Subtyping).
If $[\Gamma]A = A$ and $[\Gamma]B = B$ and $\Gamma \vdash A\ \mathrm{type}$ and $\Gamma \vdash B\ \mathrm{type}$ and $\Delta \longrightarrow \Omega$ and $\Gamma \vdash A <:^{\pm} B \dashv \Delta$ then $[\Omega]\Delta \vdash [\Omega]A \le^{\pm} [\Omega]B$.
J.7 Soundness of Typing

Theorem 7 (Soundness of Match Coverage).

1. If $\Gamma \vdash \Pi\ \mathrm{covers}\ \vec{A}$ and $\Gamma \longrightarrow \Omega$ and $\Gamma \vdash \vec{A}\ !\ \mathrm{types}$ and $[\Gamma]\vec{A} = \vec{A}$ then $[\Omega]\Gamma \vdash \Pi\ \mathrm{covers}\ \vec{A}$.

2. If $\Gamma / P \vdash \Pi\ \mathrm{covers}\ \vec{A}$ and $\Gamma \longrightarrow \Omega$ and $\Gamma \vdash \vec{A}\ !\ \mathrm{types}$ and $[\Gamma]\vec{A} = \vec{A}$ and $[\Gamma]P = P$ then $[\Omega]\Gamma / P \vdash \Pi\ \mathrm{covers}\ \vec{A}$.

Lemma 89 (Well-formedness of Algorithmic Typing).
Given $\Gamma\ \mathrm{ctx}$:

(i) If $\Gamma \vdash e \Rightarrow A\ p \dashv \Delta$ then $\Delta \vdash A\ p\ \mathrm{type}$.

(ii) If $\Gamma \vdash s : A\ p \gg B\ q \dashv \Delta$ and $\Gamma \vdash A\ p\ \mathrm{type}$ then $\Delta \vdash B\ q\ \mathrm{type}$.

Definition 7 (Measure). Let measure $M$ on typing judgments be a lexicographic ordering:

1. first, the subject expression $e$, spine $s$, or matches $\Pi$, regarding all types in annotations as equal in size;

2. second, the partial order on judgment forms where an ordinary spine judgment is smaller than a principality-recovering spine judgment, and with all other judgment forms considered equal in size; and,

3. third, the derivation height.

$\left\langle\ e/s/\Pi,\ \ \begin{array}{c}\text{ordinary spine judgment}\\[-2pt] <\\[-2pt] \text{recovering spine judgment}\end{array},\ \ \mathrm{height}(\mathcal{D})\ \right\rangle$

Note that this definition doesn’t take notice of whether a spine judgment is declarative or algorithmic.

This measure works to show soundness and completeness. We list each rule below, along with a 3-tuple. For example, for Sub we write $(=, =, <)$, meaning that each judgment to which we need to apply the i.h. has a subject of the same size ($=$), a judgment form of the same size ($=$), and a smaller derivation height. We write $-$ when a part of the measure need not be considered because a lexicographically more significant part is smaller, as in the Anno rule, where the premise has a smaller subject: $(<, -, -)$.
Algorithmic rules (soundness cases):

• Var, 1I, 1Iα̂, EmptySpine and Nil have no premises, or only auxiliary judgments as premises.

• Sub: $(=, =, <)$

• Anno: $(<, -, -)$

• ∀I, ∀Spine, ∧I: $(=, =, <)$

• ⊃I: $(=, =, <)$

• ⊃I⊥ has only an auxiliary judgment, to which we need not apply the i.h., putting it in the same class as the rules with no premises.

• ⊃Spine: $(=, =, <)$

• →I, →Iα̂, →E, Rec:

• SpineRecover: $(=, <, -)$

• SpinePass: $(=, <, -)$

• →Spine, +I$_k$, +Iα̂$_k$, ×I, ×Iα̂, Cons:

• α̂Spine: $(=, =, <)$

• Case:

Declarative rules (completeness cases):

• DeclVar, Decl1I, DeclEmptySpine and DeclNil have no premises, or only auxiliary judgments as premises.

• DeclSub: $(=, =, <)$

• DeclAnno:

• Decl∀I, Decl∀Spine, Decl∧I, Decl⊃I, Decl⊃Spine: $(=, =, <)$

• Decl→I, Decl→E, DeclRec:

• DeclSpineRecover: $(=, <, -)$

• DeclSpinePass: $(=, <, -)$

• Decl→Spine, Decl+I$_k$, Decl×I, DeclCase, DeclCons:

Theorem 8 (Soundness of Algorithmic Typing).
Given $\Delta \longrightarrow \Omega$:

(i) If $\Gamma \vdash e \Leftarrow A\ p \dashv \Delta$ and $\Gamma \vdash A\ p\ \mathrm{type}$ then $[\Omega]\Delta \vdash [\Omega]e \Leftarrow [\Omega]A\ p$.

(ii) If $\Gamma \vdash e \Rightarrow A\ p \dashv \Delta$ then $[\Omega]\Delta \vdash [\Omega]e \Rightarrow [\Omega]A\ p$.

(iii) If $\Gamma \vdash s : A\ p \gg B\ q \dashv \Delta$ and $\Gamma \vdash A\ p\ \mathrm{type}$ then $[\Omega]\Delta \vdash [\Omega]s : [\Omega]A\ p \gg [\Omega]B\ q$.

(iv) If $\Gamma \vdash s : A\ p \gg B\ [q] \dashv \Delta$ and $\Gamma \vdash A\ p\ \mathrm{type}$ then $[\Omega]\Delta \vdash [\Omega]s : [\Omega]A\ p \gg [\Omega]B\ [q]$.

(v) If $\Gamma \vdash \Pi :: \vec{A} \Leftarrow C\ p \dashv \Delta$ and $\Gamma \vdash \vec{A}\ !\ \mathrm{types}$ and $[\Gamma]\vec{A} = \vec{A}$ and $\Gamma \vdash C\ p\ \mathrm{type}$ then $[\Omega]\Delta \vdash [\Omega]\Pi :: [\Omega]\vec{A} \Leftarrow [\Omega]C\ p$.

(vi) If $\Gamma / P \vdash \Pi :: \vec{A} \Leftarrow C\ p \dashv \Delta$ and $\Gamma \vdash P\ \mathrm{prop}$ and $\mathrm{FEV}(P) = \emptyset$ and $[\Gamma]P = P$ and $\Gamma \vdash \vec{A}\ !\ \mathrm{types}$ and $\Gamma \vdash C\ p\ \mathrm{type}$ then $[\Omega]\Delta / [\Omega]P \vdash [\Omega]\Pi :: [\Omega]\vec{A} \Leftarrow [\Omega]C\ p$.
K Completeness

K.1 Completeness of Auxiliary Judgments

Lemma 90 (Completeness of Instantiation).
Given $\Gamma \longrightarrow \Omega$ and $\mathrm{dom}(\Gamma) = \mathrm{dom}(\Omega)$ and $\Gamma \vdash t : \kappa$ and $t = [\Gamma]t$ and $\hat\alpha \in \mathrm{unsolved}(\Gamma)$ and $\hat\alpha \notin \mathrm{FV}(t)$:
If $[\Omega]\hat\alpha = [\Omega]t$ then there are $\Delta$, $\Omega'$ such that $\Omega \longrightarrow \Omega'$ and $\Delta \longrightarrow \Omega'$ and $\mathrm{dom}(\Delta) = \mathrm{dom}(\Omega')$ and $\Gamma \vdash \hat\alpha := t : \kappa \dashv \Delta$.

Lemma 91 (Completeness of Checkeq).
Given $\Gamma \longrightarrow \Omega$ and $\mathrm{dom}(\Gamma) = \mathrm{dom}(\Omega)$ and $\Gamma \vdash \sigma : \kappa$ and $\Gamma \vdash t : \kappa$ and $[\Omega]\sigma = [\Omega]t$ then $\Gamma \vdash [\Gamma]\sigma \doteq [\Gamma]t : \kappa \dashv \Delta$ where $\Delta \longrightarrow \Omega'$ and $\mathrm{dom}(\Delta) = \mathrm{dom}(\Omega')$ and $\Omega \longrightarrow \Omega'$.

Lemma 92 (Completeness of Elimeq).
If $[\Gamma]\sigma = \sigma$ and $[\Gamma]t = t$ and $\Gamma \vdash \sigma : \kappa$ and $\Gamma \vdash t : \kappa$ and $\mathrm{FEV}(\sigma) \cup \mathrm{FEV}(t) = \emptyset$ then:

(1) If $\mathrm{mgu}(\sigma, t) = \theta$ then $\Gamma / \sigma \doteq t : \kappa \dashv (\Gamma, \Delta)$ where $\Delta$ has the form $\alpha_1 = t_1, \ldots, \alpha_n = t_n$ and for all $u$ such that $\Gamma \vdash u : \kappa$, it is the case that $[\Gamma, \Delta]u = \theta([\Gamma]u)$.

(2) If $\mathrm{mgu}(\sigma, t) = \bot$ (that is, no most general unifier exists) then $\Gamma / \sigma \doteq t : \kappa \dashv \bot$.

Lemma 93 (Substitution Upgrade).
If $\Delta$ has the form $\alpha_1 = t_1, \ldots, \alpha_n = t_n$ and, for all $u$ such that $\Gamma \vdash u : \kappa$, it is the case that $[\Gamma, \Delta]u = \theta([\Gamma]u)$, then:

(i) If $\Gamma \vdash A\ \mathrm{type}$ then $[\Gamma, \Delta]A = \theta([\Gamma]A)$.

(ii) If $\Gamma \longrightarrow \Omega$ then $[\Omega, \Delta]\Gamma = \theta([\Omega]\Gamma)$.

(iii) If $\Gamma \longrightarrow \Omega$ then $[\Omega, \Delta](\Gamma, \Delta) = \theta([\Omega]\Gamma)$.

(iv) If $\Gamma \longrightarrow \Omega$ then $[\Omega, \Delta]e = \theta([\Omega]e)$.

Lemma 94 (Completeness of Propequiv).
Given $\Gamma \longrightarrow \Omega$ and $\Gamma \vdash P\ \mathrm{prop}$ and $\Gamma \vdash Q\ \mathrm{prop}$ and $[\Omega]P = [\Omega]Q$ then $\Gamma \vdash [\Gamma]P \equiv [\Gamma]Q \dashv \Delta$ where $\Delta \longrightarrow \Omega'$ and $\Omega \longrightarrow \Omega'$.

Lemma 95 (Completeness of Checkprop).
If $\Gamma \longrightarrow \Omega$ and $\mathrm{dom}(\Gamma) = \mathrm{dom}(\Omega)$ and $\Gamma \vdash P\ \mathrm{prop}$ and $[\Gamma]P = P$ and $[\Omega]\Gamma \vdash [\Omega]P\ \mathrm{true}$ then $\Gamma \vdash P\ \mathrm{true} \dashv \Delta$ where $\Delta \longrightarrow \Omega'$ and $\Omega \longrightarrow \Omega'$ and $\mathrm{dom}(\Delta) = \mathrm{dom}(\Omega')$.

K.2 Completeness of Equivalence and Subtyping

Lemma 96 (Completeness of Equiv).
If $\Gamma \longrightarrow \Omega$ and $\Gamma \vdash A\ \mathrm{type}$ and $\Gamma \vdash B\ \mathrm{type}$ and $[\Omega]A = [\Omega]B$ then there exist $\Delta$ and $\Omega'$ such that $\Delta \longrightarrow \Omega'$ and $\Omega \longrightarrow \Omega'$ and $\Gamma \vdash [\Gamma]A \equiv [\Gamma]B \dashv \Delta$.

Theorem 9 (Completeness of Subtyping).
If $\Gamma \longrightarrow \Omega$ and $\mathrm{dom}(\Gamma) = \mathrm{dom}(\Omega)$ and $\Gamma \vdash A\ \mathrm{type}$ and $\Gamma \vdash B\ \mathrm{type}$ and $[\Omega]\Gamma \vdash [\Omega]A \le^{\pm} [\Omega]B$ then there exist $\Delta$ and $\Omega'$ such that $\Delta \longrightarrow \Omega'$ and $\mathrm{dom}(\Delta) = \mathrm{dom}(\Omega')$ and $\Omega \longrightarrow \Omega'$ and $\Gamma \vdash [\Gamma]A <:^{\pm} [\Gamma]B \dashv \Delta$.

K.3 Completeness of Typing

Theorem 10 (Completeness of Match Coverage).

1. If $[\Omega]\Gamma \vdash [\Omega]\Pi\ \mathrm{covers}\ [\Omega]\vec{A}$ and $\Gamma \longrightarrow \Omega$ and $\Gamma \vdash \vec{A}\ !\ \mathrm{types}$ and $[\Gamma]\vec{A} = \vec{A}$ then $\Gamma \vdash \Pi\ \mathrm{covers}\ \vec{A}$.

2. If $[\Omega]\Gamma / [\Omega]P \vdash [\Omega]\Pi\ \mathrm{covers}\ [\Omega]\vec{A}$ and $\Gamma \longrightarrow \Omega$ and $\Gamma \vdash \vec{A}\ !\ \mathrm{types}$ and $[\Gamma]\vec{A} = \vec{A}$ and $[\Gamma]P = P$ then $\Gamma / P \vdash \Pi\ \mathrm{covers}\ \vec{A}$.

Theorem 11 (Completeness of Algorithmic Typing). Given $\Gamma \longrightarrow \Omega$ such that $\mathrm{dom}(\Gamma) = \mathrm{dom}(\Omega)$:

(i) If $\Gamma \vdash A\ p\ \mathrm{type}$ and $[\Omega]\Gamma \vdash [\Omega]e \Leftarrow [\Omega]A\ p$ and $p' \sqsubseteq p$ then there exist $\Delta$ and $\Omega'$ such that $\Delta \longrightarrow \Omega'$ and $\mathrm{dom}(\Delta) = \mathrm{dom}(\Omega')$ and $\Omega \longrightarrow \Omega'$ and $\Gamma \vdash e \Leftarrow [\Gamma]A\ p' \dashv \Delta$.

(ii) If $\Gamma \vdash A\ p\ \mathrm{type}$ and $[\Omega]\Gamma \vdash [\Omega]e \Rightarrow A\ p$ then there exist $\Delta$, $\Omega'$, $A'$, and $p' \sqsubseteq p$ such that $\Delta \longrightarrow \Omega'$ and $\mathrm{dom}(\Delta) = \mathrm{dom}(\Omega')$ and $\Omega \longrightarrow \Omega'$ and $\Gamma \vdash e \Rightarrow A'\ p' \dashv \Delta$ and $A' = [\Delta]A'$ and $A = [\Omega']A'$.

(iii) If $\Gamma \vdash A\ p\ \mathrm{type}$ and $[\Omega]\Gamma \vdash [\Omega]s : [\Omega]A\ p \gg B\ q$ and $p' \sqsubseteq p$ then there exist $\Delta$, $\Omega'$, $B'$ and $q' \sqsubseteq q$ such that $\Delta \longrightarrow \Omega'$ and $\mathrm{dom}(\Delta) = \mathrm{dom}(\Omega')$ and $\Omega \longrightarrow \Omega'$ and $\Gamma \vdash s : [\Gamma]A\ p' \gg B'\ q' \dashv \Delta$ and $B' = [\Delta]B'$ and $B = [\Omega']B'$.

(iv) If $\Gamma \vdash A\ p\ \mathrm{type}$ and $[\Omega]\Gamma \vdash [\Omega]s : [\Omega]A\ p \gg B\ [q]$ and $p' \sqsubseteq p$ then there exist $\Delta$, $\Omega'$, $B'$, and $q' \sqsubseteq q$ such that $\Delta \longrightarrow \Omega'$ and $\mathrm{dom}(\Delta) = \mathrm{dom}(\Omega')$ and $\Omega \longrightarrow \Omega'$ and $\Gamma \vdash s : [\Gamma]A\ p' \gg B'\ [q'] \dashv \Delta$ and $B' = [\Delta]B'$ and $B = [\Omega']B'$.

(v) If $\Gamma \vdash \vec{A}\ !\ \mathrm{types}$ and $\Gamma \vdash C\ p\ \mathrm{type}$ and $[\Omega]\Gamma \vdash [\Omega]\Pi :: [\Omega]\vec{A} \Leftarrow [\Omega]C\ p$ and $p' \sqsubseteq p$ then there exist $\Delta$ and $\Omega'$ such that $\Delta \longrightarrow \Omega'$ and $\mathrm{dom}(\Delta) = \mathrm{dom}(\Omega')$ and $\Omega \longrightarrow \Omega'$ and $\Gamma \vdash \Pi :: [\Gamma]\vec{A} \Leftarrow [\Gamma]C\ p' \dashv \Delta$.

(vi) If $\Gamma \vdash \vec{A}\ !\ \mathrm{types}$ and $\Gamma \vdash P\ \mathrm{prop}$ and $\mathrm{FEV}(P) = \emptyset$ and $\Gamma \vdash C\ p\ \mathrm{type}$ and $[\Omega]\Gamma / [\Omega]P \vdash [\Omega]\Pi :: [\Omega]\vec{A} \Leftarrow [\Omega]C\ p$ and $p' \sqsubseteq p$ then there exist $\Delta$ and $\Omega'$ such that $\Delta \longrightarrow \Omega'$ and $\mathrm{dom}(\Delta) = \mathrm{dom}(\Omega')$ and $\Omega \longrightarrow \Omega'$ and $\Gamma / [\Gamma]P \vdash \Pi :: [\Gamma]\vec{A} \Leftarrow [\Gamma]C\ p' \dashv \Delta$.
Proofs

In the rest of this document, we prove the results stated above, with the same sectioning.

B′ Properties of the Declarative System

Lemma 1 (Declarative Well-foundedness).

The inductive definition of the following judgments is well-founded:

(i) synthesis $\Psi \vdash e \Rightarrow B\ p$

(ii) checking $\Psi \vdash e \Leftarrow A\ p$

(iii) checking, equality elimination $\Psi / P \vdash e \Leftarrow C\ p$

(iv) ordinary spine $\Psi \vdash s : A\ p \gg B\ q$

(v) recovery spine $\Psi \vdash s : A\ p \gg B\ [q]$

(vi) pattern matching $\Psi \vdash \Pi :: \vec{A} \Leftarrow C\ p$

(vii) pattern matching, equality elimination $\Psi / P \vdash \Pi :: \vec{A} \Leftarrow C\ p$

Proof. Let $|e|$ be the size of the expression $e$. Let $|s|$ be the size of the spine $s$. Let $|\Pi|$ be the size of the branch list $\Pi$. Let $\#\mathrm{large}(A)$ be the number of “large” connectives $\forall$, $\exists$, $\supset$, $\wedge$ in $A$.

First, stratify judgments by the size of the term (expression, spine, or branches), and say that a judgment is at $n$ if it types a term of size $n$. Order the main judgment forms as follows:

synthesis judgment at $n$
$<$ checking judgments at $n$
$<$ ordinary spine judgment at $n$
$<$ recovery spine judgment at $n$
$<$ match judgments at $n$
$<$ synthesis judgment at $n + 1$

Within the checking judgment forms at $n$, we compare types lexicographically, first by the number of large connectives, and then by the ordinary size. Within the match judgment forms at $n$, we compare using a lexicographic order of, first, $\#\mathrm{large}(A)$; second, the judgment form, considering the match judgment to be smaller than the matchelim judgment; third, the size of $\vec{A}$. These criteria order the judgments as follows:

synthesis judgment at $n$
$<$ (checking judgment at $n$ with $\#\mathrm{large}(A) = 1$
$<$ checkelim judgment at $n$ with $\#\mathrm{large}(A) = 1$
$<$ checking judgment at $n$ with $\#\mathrm{large}(A) = 2$
$<$ checkelim judgment at $n$ with $\#\mathrm{large}(A) = 2$
$<$ ...)
$<$ (match judgment at $n$ with $\#\mathrm{large}(A) = 1$ and $\vec{A}$ of size 1
$<$ match judgment at $n$ with $\#\mathrm{large}(A) = 1$ and $\vec{A}$ of size 2
$<$ matchelim judgment at $n$ with $\#\mathrm{large}(A) = 1$
$<$ match judgment at $n$ with $\#\mathrm{large}(A) = 2$ and $\vec{A}$ of size 1
$<$ match judgment at $n$ with $\#\mathrm{large}(A) = 2$ and $\vec{A}$ of size 2
$<$ matchelim judgment at $n$ with $\#\mathrm{large}(A) = 2$
$<$ ...)

The class of ordinary spine judgments at 1 need not be refined, because the only ordinary spine rule applicable to a spine of size 1 is DeclEmptySpine, which has no premises; rules Decl∀Spine, Decl⊃Spine and Decl→Spine are restricted to non-empty spines and can only apply to larger terms.

Proof of Lemma 1 (Declarative Well-foundedness)
Similarly, the class of match judgments at 1 need not be refined, because only DeclMatchEmpty is applicable.

Note that we distinguish the “checkelim” form $\Psi / P \vdash e \Leftarrow A\ p$ of the checking judgment. We also define the size of an expression $e$ to consider all types in annotations to be of the same size, that is,

$|(e : A)| = |e| + 1$

Thus, $|\theta(e)| = |e|$, even when $e$ has annotations. This is used for DeclCheckUnify; see below.

We assume that coverage, which does not depend on any other typing judgments, is well-founded. We likewise assume that subtyping, $\Psi \vdash A\ \mathrm{type}$, $\Psi \vdash \tau : \kappa$, and $\Psi \vdash P\ \mathrm{prop}$ are well-founded.

We now show that, for each class of judgments, every judgment in that class depends only on smaller judgments.

• Synthesis judgments

Claim: For all $n$, synthesis at $n$ depends only on judgments at $n - 1$ or less.

Proof. Rule DeclVar has no premises.

Rule DeclAnno depends on a premise at a strictly smaller term.

Rule Decl→E depends on (1) a synthesis premise at a strictly smaller term, and (2) a recovery spine judgment at a strictly smaller term.

• Checking judgments

Claim: For all $n > 1$, the checking judgment over terms of size $n$ with type of size $m$ depends only on

(1) synthesis judgments at size $n$ or smaller, and

(2) checking judgments at size $n - 1$ or smaller, and

(3) checking judgments at size $n$ with fewer large connectives, and

(4) checkelim judgments at size $n$ with fewer large connectives, and

(5) match judgments at size $n - 1$ or smaller.

Proof. Rule DeclSub depends on a synthesis judgment of size $n$. (1)

Rule Decl1I has no premises.

Rule Decl∀I depends on a checking judgment at $n$ with fewer large connectives. (3)

Rule Decl∧I depends on a checking judgment at $n$ with fewer large connectives. (3)

Rule Decl⊃I depends on a checkelim judgment at $n$ with fewer large connectives. (4)

Rules Decl→I, DeclRec, Decl+I$_k$, Decl×I and DeclCons depend on checking judgments at size $< n$. (2)

Rule DeclNil depends only on an auxiliary judgment.

Rule DeclCase depends on:

- a synthesis judgment at size $n$ (1),

- a match judgment at size < n (5), and 

- a coverage judgment. 

• Checkelim judgments 

Claim: For all n > 1 , the checkelim judgment 'f/PI- ehAp over terms of size u depends only 
on checking judgments at size n, with a type A' such that #large(A') = #large(A). 

Proof. Rule DecICheckl has no nontrivial premises. 

Rule |DeclCheckUnlfy| depends on a checking judgment: Since |0(e)| = |e|, this checking judgment is 
at u. Since the mgu 0 is over monotypes, #large(0(A)) = #large(A). 

• Ordinary spine judgments 

An ordinary spine judgment at 1 depends on no other judgments: the only spine of size 1 is the 
empty spine, so only | Decl Em ptySpme| applies, and it has no premises. 

Claim: For all n > 2, the ordinary spine judgment ¥h s:Ap>Cq over spines of size n depends 
only on 


Proof of ILemma II ([Declarative Well-foundednessll lem:declarative- well-founded 
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(a) checking judgments at size n-1 or smaller, and 

(b) ordinary spine judgments at size n-1 or smaller, and 

(c) ordinary spine judgments at size n with strictly smaller #large(A). 


Proof. Rule |DeclVSpine| depends on an ordinary spine judgment of size n, with a type that has fewer 
large connectives, (c) 

Rule [Ded3Spme] depends on an ordinary spine judgment of size n, with a type that has fewer large 
connectives, (c) 

Rule DeclEmptySpine| has no premises. 

Rule Peel— >Spine| depends on a checking judgment of size n — 1 or smaller (a) and an ordinary spine 
judgment of size n — 1 or smaller (b). 


• Recovery spine judgments 

Claim: For all n, the recovery spine judgment at n depends only on ordinary spine judgments at n. 
Proof. Rules [DecISpineRecover and |DeclSpinePass] depend only on ordinary spine judgments at n. 

• Match judgments 

Claim: For all n > 1 , the match judgment 'Fh FT :: A <= C p over FT of size n depends only on 


(a) checking judgments at size n — 1 or smaller, and 

(b) match judgments at size n — 1 or smaller, and 

(c) match judgments at size u with smaller A, and 

(d) matchelim judgments at size n with fewer large connectives in A. 


Proof. Rule |Decl Match Em pty| has no premises. 

Rule DecIMatchSeq depends on match judgments at n— 1 or smaller (b). 

Rule Decl Match Base depends on a checking judgment at n — 1 or smaller (a). 

Rules DecIMatchUnit, DecIMatchx, DecIMatch+ic, DecIMatchNeg, and DecIMatchWild depend on 
match judgments at n — 1 or smaller (b) . 

Rule DeclMatch3 depends on a match judgment at size u with smaller A (c). 

Rule DecIMatchA depends on an matchelim judgment at n, with fewer large connectives in A. (d) 


• Matchelim judgments 

Claim: For all u > 1 , the matchelim judgment W/Ffh P :: A C p over W of size n depends only 
on match judgments with the same number of large connectives in A. 


Proof. Rule DecIMatchA has no nontrivial premises. 

Rule Decl Match Unify depends on a match judgment with the same number of large connectives 
(similar to DeclCheckUnify[ considered above) . □ 


Lemma 2 (Declarative Weakening).

(i) If $\Psi_0, \Psi_1 \vdash t : \kappa$ then $\Psi_0, \Psi', \Psi_1 \vdash t : \kappa$.

(ii) If $\Psi_0, \Psi_1 \vdash P$ prop then $\Psi_0, \Psi', \Psi_1 \vdash P$ prop.

(iii) If $\Psi_0, \Psi_1 \vdash P$ true then $\Psi_0, \Psi', \Psi_1 \vdash P$ true.

(iv) If $\Psi_0, \Psi_1 \vdash A$ type then $\Psi_0, \Psi', \Psi_1 \vdash A$ type.

Proof. By induction on the derivation. □

Lemma 3 (Declarative Term Substitution). Suppose $\Psi \vdash t : \kappa$. Then:

1. If $\Psi_0, \alpha : \kappa, \Psi_1 \vdash t' : \kappa$ then $\Psi_0, [t/\alpha]\Psi_1 \vdash [t/\alpha]t' : \kappa$.

2. If $\Psi_0, \alpha : \kappa, \Psi_1 \vdash P$ prop then $\Psi_0, [t/\alpha]\Psi_1 \vdash [t/\alpha]P$ prop.

3. If $\Psi_0, \alpha : \kappa, \Psi_1 \vdash A$ type then $\Psi_0, [t/\alpha]\Psi_1 \vdash [t/\alpha]A$ type.

4. If $\Psi_0, \alpha : \kappa, \Psi_1 \vdash A \le^{\pm} B$ then $\Psi_0, [t/\alpha]\Psi_1 \vdash [t/\alpha]A \le^{\pm} [t/\alpha]B$.

5. If $\Psi_0, \alpha : \kappa, \Psi_1 \vdash P$ true then $\Psi_0, [t/\alpha]\Psi_1 \vdash [t/\alpha]P$ true.

Proof. By induction on the derivation of the substitutee. □

Lemma 4 (Reflexivity of Declarative Subtyping).

Given $\Psi \vdash A$ type, we have that $\Psi \vdash A \le^{\pm} A$.

Proof. By induction on A, writing p for the sign of the subtyping judgment.

Our induction metric is the number of quantifiers on the outside of A, plus one if the polarity of A
and the subtyping judgment do not match up (that is, if neg(A) and p = +, or pos(A) and p = −).

• Case nonpos(A), nonneg(A), p = ±:
  By rule ≤Refl±.

• Case $A = \exists b : \kappa.\, B$, p = +:

    $\Psi, b : \kappa \vdash B \le^+ B$   By i.h. (one less quantifier)
    $\Psi, b : \kappa \vdash b : \kappa$   By rule UvarSort
    $\Psi, b : \kappa \vdash B \le^+ \exists b : \kappa.\, B$   By rule ≤∃R
    $\Psi \vdash \exists b : \kappa.\, B \le^+ \exists b : \kappa.\, B$   By rule ≤∃L

• Case $A = \exists b : \kappa.\, B$, p = −:

    $\Psi \vdash \exists b : \kappa.\, B \le^+ \exists b : \kappa.\, B$   By i.h. (polarities match)
    $\Psi \vdash \exists b : \kappa.\, B \le^- \exists b : \kappa.\, B$   By the polarity-switch rule

• Case $A = \forall b : \kappa.\, B$, p = +:

    $\Psi \vdash \forall b : \kappa.\, B \le^- \forall b : \kappa.\, B$   By i.h. (polarities match)
    $\Psi \vdash \forall b : \kappa.\, B \le^+ \forall b : \kappa.\, B$   By the polarity-switch rule

• Case $A = \forall b : \kappa.\, B$, p = −:

    $\Psi, b : \kappa \vdash B \le^- B$   By i.h. (one less quantifier)
    $\Psi, b : \kappa \vdash b : \kappa$   By rule UvarSort
    $\Psi, b : \kappa \vdash \forall b : \kappa.\, B \le^- B$   By rule ≤∀L
    $\Psi \vdash \forall b : \kappa.\, B \le^- \forall b : \kappa.\, B$   By rule ≤∀R

□
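As an added worked instance of this induction (not part of the original appendix), take $A = \forall a : *.\, (a \to \exists b : \mathbb{N}.\, \mathsf{Vec}\; b\; a)$ and p = +; the metric is one outer quantifier plus one (A is negative but p is +), so 2, and each appeal to the induction hypothesis below is at a strictly smaller metric. The arrow body is nonpos and nonneg, so it falls under the ≤Refl± case.

```latex
\begin{array}{lll}
(1) & \Psi, a : * \vdash (a \to \exists b : \mathbb{N}.\, \mathsf{Vec}\; b\; a) \le^- (a \to \exists b : \mathbb{N}.\, \mathsf{Vec}\; b\; a)
    & \text{rule } \le\mathrm{Refl}^{\pm}\text{; metric } 0 \\
(2) & \Psi, a : * \vdash a : *
    & \text{rule UvarSort} \\
(3) & \Psi, a : * \vdash \forall a : *.\, (a \to \exists b : \mathbb{N}.\, \mathsf{Vec}\; b\; a) \le^- (a \to \exists b : \mathbb{N}.\, \mathsf{Vec}\; b\; a)
    & \text{rule } \le\forall\mathrm{L} \text{ on (2), (1), instantiating } a \text{ with } a \\
(4) & \Psi \vdash \forall a : *.\, (a \to \exists b : \mathbb{N}.\, \mathsf{Vec}\; b\; a) \le^- \forall a : *.\, (a \to \exists b : \mathbb{N}.\, \mathsf{Vec}\; b\; a)
    & \text{rule } \le\forall\mathrm{R} \text{ on (3); the } \forall, p = - \text{ case, metric } 1 \\
(5) & \Psi \vdash \forall a : *.\, (a \to \exists b : \mathbb{N}.\, \mathsf{Vec}\; b\; a) \le^+ \forall a : *.\, (a \to \exists b : \mathbb{N}.\, \mathsf{Vec}\; b\; a)
    & \text{polarity-switch rule on (4); the } \forall, p = + \text{ case, metric } 2
\end{array}
```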


Lemma 5 (Subtyping Inversion).

• If $\Psi \vdash \exists \alpha : \kappa.\, A \le^+ B$ then $\Psi, \alpha : \kappa \vdash A \le^+ B$.

• If $\Psi \vdash A \le^- \forall \beta : \kappa.\, B$ then $\Psi, \beta : \kappa \vdash A \le^- B$.

Proof. By a routine induction on the subtyping derivations. □

Lemma 6 (Subtyping Polarity Flip).

• If nonpos(A) and nonpos(B) and $\Psi \vdash A \le^+ B$
  then $\Psi \vdash A \le^- B$ by a derivation of the same or smaller size.

• If nonneg(A) and nonneg(B) and $\Psi \vdash A \le^- B$
  then $\Psi \vdash A \le^+ B$ by a derivation of the same or smaller size.

• If nonpos(A) and nonneg(A) and nonpos(B) and nonneg(B) and $\Psi \vdash A \le^{\pm} B$
  then A = B.

Proof. By a routine induction on the subtyping derivations. □

Lemma 7 (Transitivity of Declarative Subtyping).

Given $\Psi \vdash A$ type and $\Psi \vdash B$ type and $\Psi \vdash C$ type:

(i) If $\mathcal{D}_1 :: \Psi \vdash A \le^{\pm} B$ and $\mathcal{D}_2 :: \Psi \vdash B \le^{\pm} C$
then $\Psi \vdash A \le^{\pm} C$.

Proof of Lemma 7 (Transitivity of Declarative Subtyping)

Proof. By lexicographic induction on (1) the sum of head quantifiers in A, B, and C, and (2) the size of
the derivation.

We begin by case analysis on the shape of B, and the polarity of subtyping:

• Case $B = \forall \beta : \kappa_2.\, B'$, polarity = −:

  We case-analyze $\mathcal{D}_1$:

  - Case ≤∀L:  $\mathcal{D}_1 = \dfrac{\Psi \vdash \tau : \kappa_1 \qquad \Psi \vdash [\tau/\alpha]A' \le^- B}{\Psi \vdash \forall \alpha : \kappa_1.\, A' \le^- B}$

      $\Psi \vdash \tau : \kappa_1$   Subderivation
      $\Psi \vdash [\tau/\alpha]A' \le^- B$   Subderivation
      $\Psi \vdash B \le^- C$   Given
      $\Psi \vdash [\tau/\alpha]A' \le^- C$   By i.h. (A lost a quantifier)
      $\Psi \vdash A \le^- C$   By rule ≤∀L

  - Case ≤∀R:  $\mathcal{D}_1 = \dfrac{\Psi, \beta : \kappa_2 \vdash A \le^- B'}{\Psi \vdash A \le^- \forall \beta : \kappa_2.\, B'}$

    We case-analyze $\mathcal{D}_2$:

    * Case ≤∀L:  $\mathcal{D}_2 = \dfrac{\Psi \vdash \tau : \kappa_2 \qquad \Psi \vdash [\tau/\beta]B' \le^- C}{\Psi \vdash \forall \beta : \kappa_2.\, B' \le^- C}$

        $\Psi, \beta : \kappa_2 \vdash A \le^- B'$   By Lemma 5 (Subtyping Inversion) on $\mathcal{D}_1$
        $\Psi \vdash \tau : \kappa_2$   Subderivation
        $\Psi \vdash [\tau/\beta]B' \le^- C$   Subderivation of $\mathcal{D}_2$
        $\Psi \vdash A \le^- [\tau/\beta]B'$   By Lemma 3 (Declarative Term Substitution)
        $\Psi \vdash A \le^- C$   By i.h. (B lost a quantifier)

    * Case ≤∀R:  $\mathcal{D}_2 = \dfrac{\Psi, c : \kappa_3 \vdash B \le^- C'}{\Psi \vdash B \le^- \forall c : \kappa_3.\, C'}$

        $\Psi \vdash A \le^- B$   Given
        $\Psi, c : \kappa_3 \vdash A \le^- B$   By Lemma 2 (Declarative Weakening)
        $\Psi, c : \kappa_3 \vdash B \le^- C'$   Subderivation
        $\Psi, c : \kappa_3 \vdash A \le^- C'$   By i.h. (C lost a quantifier)
        $\Psi \vdash A \le^- \forall c : \kappa_3.\, C'$   By rule ≤∀R

• Case nonpos(B), polarity = +:

  Now we case-analyze $\mathcal{D}_1$:

  - Case ≤∃L:  $\mathcal{D}_1 = \dfrac{\Psi, \alpha : \kappa_1 \vdash A' \le^+ B}{\Psi \vdash \exists \alpha : \kappa_1.\, A' \le^+ B}$

      $\Psi, \alpha : \kappa_1 \vdash A' \le^+ B$   Subderivation
      $\Psi, \alpha : \kappa_1 \vdash B \le^+ C$   By Lemma 2 (Declarative Weakening) on $\mathcal{D}_2$
      $\Psi, \alpha : \kappa_1 \vdash A' \le^+ C$   By i.h. (A lost a quantifier)
      $\Psi \vdash \exists \alpha : \kappa_1.\, A' \le^+ C$   By rule ≤∃L

  - Case polarity switch:  $\mathcal{D}_1 = \dfrac{\Psi \vdash A \le^- B \qquad \mathrm{nonpos}(A) \qquad \mathrm{nonpos}(B)}{\Psi \vdash A \le^+ B}$

    Now we case-analyze $\mathcal{D}_2$:

    * Case ≤∃R:  $\mathcal{D}_2 = \dfrac{\Psi \vdash \tau : \kappa_3 \qquad \Psi \vdash B \le^+ [\tau/c]C'}{\Psi \vdash B \le^+ \exists c : \kappa_3.\, C'}$

        $\Psi \vdash A \le^+ B$   Given
        $\Psi \vdash \tau : \kappa_3$   Subderivation of $\mathcal{D}_2$
        $\Psi \vdash B \le^+ [\tau/c]C'$   Subderivation of $\mathcal{D}_2$
        $\Psi \vdash A \le^+ [\tau/c]C'$   By i.h. (C lost a quantifier)
        $\Psi \vdash A \le^+ \exists c : \kappa_3.\, C'$   By rule ≤∃R

    * Case polarity switch:  $\mathcal{D}_2 = \dfrac{\Psi \vdash B \le^- C \qquad \mathrm{nonpos}(B) \qquad \mathrm{nonpos}(C)}{\Psi \vdash B \le^+ C}$

        $\Psi \vdash A \le^- B$   Subderivation of $\mathcal{D}_1$
        $\Psi \vdash B \le^- C$   Subderivation of $\mathcal{D}_2$
        $\Psi \vdash A \le^- C$   By i.h. ($\mathcal{D}_1$ and $\mathcal{D}_2$ smaller)
        nonpos(A)   Subderivation of $\mathcal{D}_1$
        nonpos(C)   Subderivation of $\mathcal{D}_2$
        $\Psi \vdash A \le^+ C$   By the polarity-switch rule

• Case $B = \exists \beta : \kappa_2.\, B'$, polarity = +:

  Now we case-analyze $\mathcal{D}_2$:

  - Case ≤∃R:  $\mathcal{D}_2 = \dfrac{\Psi \vdash \tau : \kappa_3 \qquad \Psi \vdash B \le^+ [\tau/\alpha]C'}{\Psi \vdash B \le^+ \exists \alpha : \kappa_3.\, C'}$

      $\Psi \vdash \tau : \kappa_3$   Subderivation of $\mathcal{D}_2$
      $\Psi \vdash B \le^+ [\tau/\alpha]C'$   Subderivation of $\mathcal{D}_2$
      $\Psi \vdash A \le^+ B$   Given
      $\Psi \vdash A \le^+ [\tau/\alpha]C'$   By i.h. (C lost a quantifier)
      $\Psi \vdash A \le^+ C$   By rule ≤∃R

  - Case ≤∃L:  $\mathcal{D}_2 = \dfrac{\Psi, \beta : \kappa_2 \vdash B' \le^+ C}{\Psi \vdash \exists \beta : \kappa_2.\, B' \le^+ C}$

    Now we case-analyze $\mathcal{D}_1$:

    * Case ≤∃R:  $\mathcal{D}_1 = \dfrac{\Psi \vdash \tau : \kappa_2 \qquad \Psi \vdash A \le^+ [\tau/\beta]B'}{\Psi \vdash A \le^+ \exists \beta : \kappa_2.\, B'}$

        $\Psi, \beta : \kappa_2 \vdash B' \le^+ C$   Subderivation of $\mathcal{D}_2$
        $\Psi \vdash \tau : \kappa_2$   Subderivation of $\mathcal{D}_1$
        $\Psi \vdash A \le^+ [\tau/\beta]B'$   Subderivation of $\mathcal{D}_1$
        $\Psi \vdash [\tau/\beta]B' \le^+ C$   By Lemma 3 (Declarative Term Substitution)
        $\Psi \vdash A \le^+ C$   By i.h. (B lost a quantifier)

    * Case ≤∃L:  $\mathcal{D}_1 = \dfrac{\Psi, \alpha : \kappa_1 \vdash A' \le^+ B}{\Psi \vdash \exists \alpha : \kappa_1.\, A' \le^+ B}$

        $\Psi \vdash B \le^+ C$   Given
        $\Psi, \alpha : \kappa_1 \vdash A' \le^+ B$   Subderivation of $\mathcal{D}_1$
        $\Psi, \alpha : \kappa_1 \vdash B \le^+ C$   By Lemma 2 (Declarative Weakening)
        $\Psi, \alpha : \kappa_1 \vdash A' \le^+ C$   By i.h. (A lost a quantifier)
        $\Psi \vdash \exists \alpha : \kappa_1.\, A' \le^+ C$   By rule ≤∃L

• Case nonneg(B), polarity = −:

  We case-analyze $\mathcal{D}_2$:

  - Case ≤∀R:  $\mathcal{D}_2 = \dfrac{\Psi, c : \kappa_3 \vdash B \le^- C'}{\Psi \vdash B \le^- \forall c : \kappa_3.\, C'}$

      $\Psi, c : \kappa_3 \vdash B \le^- C'$   Subderivation of $\mathcal{D}_2$
      $\Psi, c : \kappa_3 \vdash A \le^- B$   By Lemma 2 (Declarative Weakening)
      $\Psi, c : \kappa_3 \vdash A \le^- C'$   By i.h. (C lost a quantifier)
      $\Psi \vdash A \le^- \forall c : \kappa_3.\, C'$   By rule ≤∀R

  - Case polarity switch:  $\mathcal{D}_2 = \dfrac{\Psi \vdash B \le^+ C \qquad \mathrm{nonneg}(B) \qquad \mathrm{nonneg}(C)}{\Psi \vdash B \le^- C}$

    We case-analyze $\mathcal{D}_1$:

    * Case ≤∀L:  $\mathcal{D}_1 = \dfrac{\Psi \vdash \tau : \kappa_1 \qquad \Psi \vdash [\tau/\alpha]A' \le^- B}{\Psi \vdash \forall \alpha : \kappa_1.\, A' \le^- B}$

        $\Psi \vdash B \le^- C$   Given
        $\Psi \vdash \tau : \kappa_1$   Subderivation of $\mathcal{D}_1$
        $\Psi \vdash [\tau/\alpha]A' \le^- B$   Subderivation of $\mathcal{D}_1$
        $\Psi \vdash [\tau/\alpha]A' \le^- C$   By i.h. (A lost a quantifier)
        $\Psi \vdash \forall \alpha : \kappa_1.\, A' \le^- C$   By rule ≤∀L

    * Case polarity switch:  $\mathcal{D}_1 = \dfrac{\Psi \vdash A \le^+ B \qquad \mathrm{nonneg}(A) \qquad \mathrm{nonneg}(B)}{\Psi \vdash A \le^- B}$

        $\Psi \vdash A \le^+ B$   Subderivation of $\mathcal{D}_1$
        $\Psi \vdash B \le^+ C$   Subderivation of $\mathcal{D}_2$
        $\Psi \vdash A \le^+ C$   By i.h. ($\mathcal{D}_1$ and $\mathcal{D}_2$ smaller)
        nonneg(A)   Subderivation of $\mathcal{D}_1$
        nonneg(C)   Subderivation of $\mathcal{D}_2$
        $\Psi \vdash A \le^- C$   By the polarity-switch rule

□


C' Substitution and Well-formedness Properties

Lemma 8 (Substitution — Well-formedness).

(i) If $\Gamma \vdash A\; p$ type and $\Gamma \vdash \tau\; p$ type then $\Gamma \vdash [\tau/\alpha]A\; p$ type.

(ii) If $\Gamma \vdash P$ prop and $\Gamma \vdash \tau\; p$ type then $\Gamma \vdash [\tau/\alpha]P$ prop.

Moreover, if p = ! and FEV([Γ]P) = ∅ then FEV([Γ][τ/α]P) = ∅.

Proof. By induction on the derivations of $\Gamma \vdash A\; p$ type and $\Gamma \vdash P$ prop. □

Lemma 9 (Uvar Preservation).

If $\Delta \longrightarrow \Omega$ then:

(i) If $(\alpha : \kappa) \in \Omega$ then $(\alpha : \kappa) \in [\Omega]\Delta$.

(ii) If $(x : A\; p) \in \Omega$ then $(x : [\Omega]A\; p) \in [\Omega]\Delta$.

Proof. By induction on Ω, following the definition of context application (Figure ??). □

Lemma 10 (Sorting Implies Typing). If $\Gamma \vdash t : *$ then $\Gamma \vdash t$ type.

Proof. By induction on the given derivation. All cases are straightforward. □

Proof of Lemma 11 (Right-Hand Substitution for Sorting)

Lemma 11 (Right-Hand Substitution for Sorting). If $\Gamma \vdash t : \kappa$ then $\Gamma \vdash [\Gamma]t : \kappa$.

Proof. By induction on $|\Gamma \vdash t|$ (the size of t under Γ).

• Case UnitSort: Here t = 1, so applying Γ to t does not change it: t = [Γ]t. Since $\Gamma \vdash t : \kappa$, we
  have $\Gamma \vdash [\Gamma]t : \kappa$, which was to be shown.

• Case VarSort: If t is an existential variable $\hat\alpha$, then $\Gamma = \Gamma_0[\hat\alpha]$, so applying Γ to t does not change
  it, and we proceed as in the UnitSort case above.

  If t is a universal variable α and Γ has no equation for it, then proceed as in the UnitSort case.
  Otherwise, t = α and $(\alpha = \tau) \in \Gamma$:

    $\Gamma = (\Gamma_L, \alpha : \kappa, \Gamma_M, \alpha = \tau, \Gamma_R)$

  By the implicit assumption that Γ is well-formed, $\Gamma_L, \alpha : \kappa, \Gamma_M \vdash \tau : \kappa$.
  By Lemma 34 (Suffix Weakening), $\Gamma \vdash \tau : \kappa$. Since $|\Gamma \vdash \tau| < |\Gamma \vdash \alpha|$, we can apply the i.h., giving

    $\Gamma \vdash [\Gamma]\tau : \kappa$

  By the definition of substitution, $[\Gamma]\tau = [\Gamma]\alpha$, so we have $\Gamma \vdash [\Gamma]\alpha : \kappa$.

• Case SolvedVarSort: In this case $t = \hat\alpha$ and $\Gamma = (\Gamma_L, \hat\alpha = \tau, \Gamma_R)$. Thus $[\Gamma]t = [\Gamma]\hat\alpha = [\Gamma_L]\tau$.
  We assume contexts are well-formed, so all free variables in τ are declared in $\Gamma_L$. Consequently,
  $|\Gamma_L \vdash \tau| = |\Gamma \vdash \tau|$, which is less than $|\Gamma \vdash \hat\alpha|$. We can therefore apply the i.h. to τ, yielding $\Gamma \vdash [\Gamma]\tau : \kappa$.
  By the definition of substitution, $[\Gamma]\tau = [\Gamma]\hat\alpha$, so we have $\Gamma \vdash [\Gamma]\hat\alpha : \kappa$.

• Case BinSort: In this case $t = t_1 \oplus t_2$. By i.h., $\Gamma \vdash [\Gamma]t_1 : \kappa$ and $\Gamma \vdash [\Gamma]t_2 : \kappa$. By BinSort,
  $\Gamma \vdash ([\Gamma]t_1) \oplus ([\Gamma]t_2) : \kappa$, which by the definition of substitution is $\Gamma \vdash [\Gamma](t_1 \oplus t_2) : \kappa$. □

Lemma 12 (Right-Hand Substitution for Propositions). If $\Gamma \vdash P$ prop then $\Gamma \vdash [\Gamma]P$ prop.

Proof. Use inversion (EqProp), apply Lemma 11 (Right-Hand Substitution for Sorting) to each premise,
and apply EqProp again. □

Lemma 13 (Right-Hand Substitution for Typing). If $\Gamma \vdash A$ type then $\Gamma \vdash [\Gamma]A$ type.

Proof. By induction on $|\Gamma \vdash A|$ (the size of A under Γ).

Several cases correspond to cases in the proof of Lemma 11 (Right-Hand Substitution for Sorting):

• the case for UnitWF is like the case for UnitSort;

• the case for SolvedVarSort is like the cases for VarWF and SolvedVarWF;

• the case for VarSort is like the case for VarWF, but in the last subcase, apply Lemma 10 (Sorting
  Implies Typing) to move from a sorting judgment to a typing judgment;

• the case for BinWF is like the case for BinSort.

Now, the new cases:

• Case ForallWF: In this case $A = \forall \alpha : \kappa.\, A_0$. By i.h., $\Gamma, \alpha : \kappa \vdash [\Gamma, \alpha : \kappa]A_0$ type. By the definition
  of substitution, $[\Gamma, \alpha : \kappa]A_0 = [\Gamma]A_0$, so by ForallWF $\Gamma \vdash \forall \alpha.\, [\Gamma]A_0$ type, which by the definition of
  substitution is $\Gamma \vdash [\Gamma](\forall \alpha.\, A_0)$ type.

• Case ExistsWF: Similar to the ForallWF case.

• Case ImpliesWF, WithWF: Use the i.h. and Lemma 12 (Right-Hand Substitution for Propositions),
  then apply ImpliesWF or WithWF. □

Lemma 14 (Substitution for Sorting). If $\Omega \vdash t : \kappa$ then $[\Omega]\Omega \vdash [\Omega]t : \kappa$.

Proof. By induction on $|\Omega \vdash t|$ (the size of t under Ω).

Proof of Lemma 14 (Substitution for Sorting)

• Case VarSort:  $\dfrac{(u : \kappa) \in \Omega}{\Omega \vdash u : \kappa}$

  We have a complete context Ω, so u cannot be an existential variable: it must be some universal
  variable α.

  If Ω lacks an equation for α, use Lemma 9 (Uvar Preservation) and apply rule UvarSort.
  Otherwise, $(\alpha = \tau) \in \Omega$, so we need to show $\Omega \vdash [\Omega]\tau : \kappa$. By the implicit assumption that Ω is well-formed,
  plus Lemma 34 (Suffix Weakening), $\Omega \vdash \tau : \kappa$. By Lemma 11 (Right-Hand Substitution for
  Sorting), $\Omega \vdash [\Omega]\tau : \kappa$.

• Case SolvedVarSort:  $\dfrac{(\hat\alpha : \kappa = \tau) \in \Omega}{\Omega \vdash \hat\alpha : \kappa}$

    $(\hat\alpha : \kappa = \tau) \in \Omega$   Subderivation
    $\Omega = (\Omega_L, \hat\alpha : \kappa = \tau, \Omega_R)$   Decomposing Ω
    $\Omega_L \vdash \tau : \kappa$   By implicit assumption that Ω is well-formed
    $\Omega_L, \hat\alpha : \kappa = \tau, \Omega_R \vdash \tau : \kappa$   By Lemma 34 (Suffix Weakening)
    $\Omega \vdash [\Omega]\tau : \kappa$   By Lemma 11 (Right-Hand Substitution for Sorting)
    $[\Omega]\Omega \vdash [\Omega]\hat\alpha : \kappa$   Since $[\Omega]\tau = [\Omega]\hat\alpha$

• Case UnitSort:  $\dfrac{}{\Omega \vdash 1 : *}$

  Since $1 = [\Omega]1$, applying UnitSort gives the result.

• Case BinSort:  $\dfrac{\Omega \vdash \tau_1 : * \qquad \Omega \vdash \tau_2 : *}{\Omega \vdash \tau_1 \oplus \tau_2 : *}$

  By i.h. on each premise, rule BinSort, and the definition of substitution.

• Case ZeroSort:  $\dfrac{}{\Omega \vdash \mathsf{zero} : \mathbb{N}}$

  Since $\mathsf{zero} = [\Omega]\mathsf{zero}$, applying ZeroSort gives the result.

• Case SuccSort:  $\dfrac{\Omega \vdash t : \mathbb{N}}{\Omega \vdash \mathsf{succ}(t) : \mathbb{N}}$

  By i.h., rule SuccSort, and the definition of substitution. □

Lemma 15 (Substitution for Prop Well-Formedness).

If $\Omega \vdash P$ prop then $[\Omega]\Omega \vdash [\Omega]P$ prop.

Proof. Only one rule derives this judgment form:

• Case EqProp:  $\dfrac{\Omega \vdash t : \mathbb{N} \qquad \Omega \vdash t' : \mathbb{N}}{\Omega \vdash t = t'\ \mathrm{prop}}$

    $\Omega \vdash t : \mathbb{N}$   Subderivation
    $[\Omega]\Omega \vdash [\Omega]t : \mathbb{N}$   By Lemma 14 (Substitution for Sorting)
    $\Omega \vdash t' : \mathbb{N}$   Subderivation
    $[\Omega]\Omega \vdash [\Omega]t' : \mathbb{N}$   By Lemma 14 (Substitution for Sorting)
    $[\Omega]\Omega \vdash ([\Omega]t) = ([\Omega]t')\ \mathrm{prop}$   By EqProp
  ☞ $[\Omega]\Omega \vdash [\Omega](t = t')\ \mathrm{prop}$   By def. of subst.

□

Lemma 16 (Substitution for Type Well-Formedness). If $\Omega \vdash A$ type then $[\Omega]\Omega \vdash [\Omega]A$ type.


Proof of Lemma 16 (Substitution for Type Well-Formedness)

Proof. By induction on $|\Omega \vdash A|$.

Several cases correspond to those in the proof of Lemma 14 (Substitution for Sorting):

• the UnitWF case is like the UnitSort case (using DeclUnitWF instead of UnitSort);

• the VarWF case is like the VarSort case (using DeclUvarWF instead of UvarSort);

• the SolvedVarWF case is like the SolvedVarSort case.

However, uses of Lemma 11 (Right-Hand Substitution for Sorting) are replaced by uses of Lemma 13
(Right-Hand Substitution for Typing).

Now, the new cases:

• Case ForallWF:  $\dfrac{\Omega, \alpha : \kappa \vdash A_0\ \mathrm{type}}{\Omega \vdash \forall \alpha : \kappa.\, A_0\ \mathrm{type}}$

    $\Omega, \alpha : \kappa \vdash A_0 : \kappa'$   Subderivation
    $[\Omega, \alpha : \kappa](\Omega, \alpha : \kappa) \vdash [\Omega]A_0 : \kappa'$   By i.h.
    $[\Omega]\Omega, \alpha : \kappa \vdash [\Omega]A_0 : \kappa'$   By definition of completion
    $[\Omega]\Omega \vdash \forall \alpha : \kappa.\, [\Omega]A_0 : \kappa'$   By DeclAllWF
    $[\Omega]\Omega \vdash [\Omega](\forall \alpha : \kappa.\, A_0) : \kappa'$   By def. of subst.

• Case ExistsWF: Similar to the ForallWF case, using DeclExistsWF instead of DeclAllWF.

• Case BinWF:  $\dfrac{\Omega \vdash A_1\ \mathrm{type} \qquad \Omega \vdash A_2\ \mathrm{type}}{\Omega \vdash A_1 \oplus A_2\ \mathrm{type}}$

  By i.h. on each premise, rule DeclBinWF, and the definition of substitution.

• Case VecWF: Similar to the BinWF case.

• Case ImpliesWF:  $\dfrac{\Omega \vdash P\ \mathrm{prop} \qquad \Omega \vdash A_0\ \mathrm{type}}{\Omega \vdash P \supset A_0\ \mathrm{type}}$

    $\Omega \vdash P$ prop   Subderivation
    $[\Omega]\Omega \vdash [\Omega]P$ prop   By Lemma 15 (Substitution for Prop Well-Formedness)
    $\Omega \vdash A_0$ type   Subderivation
    $[\Omega]\Omega \vdash [\Omega]A_0$ type   By i.h.
    $[\Omega]\Omega \vdash ([\Omega]P) \supset ([\Omega]A_0)$ type   By DeclImpliesWF
    $[\Omega]\Omega \vdash [\Omega](P \supset A_0)$ type   By def. of subst.

• Case WithWF:  $\dfrac{\Omega \vdash P\ \mathrm{prop} \qquad \Omega \vdash A_0\ \mathrm{type}}{\Omega \vdash A_0 \wedge P\ \mathrm{type}}$

  Similar to the ImpliesWF case.

□

Lemma 17 (Substitution Stability).

If $(\Omega, \Omega_Z)$ is well-formed and $\Omega_Z$ is soft and $\Omega \vdash A$ type then $[\Omega]A = [\Omega, \Omega_Z]A$.

Proof. By induction on $\Omega_Z$.

Since $\Omega_Z$ is soft, either (1) $\Omega_Z = \cdot$ (and the result is immediate) or (2) $\Omega_Z = (\Omega', \hat\alpha : \kappa)$ or (3)
$\Omega_Z = (\Omega', \hat\alpha : \kappa = \tau)$. However, according to the grammar for complete contexts such as $\Omega_Z$, (2) is
impossible. Only case (3) remains.

By i.h., $[\Omega]A = [\Omega, \Omega']A$. Use the fact that $\Omega \vdash A$ type implies $\mathrm{FV}(A) \cap \mathrm{dom}(\Omega_Z) = \emptyset$. □

Lemma 18 (Equal Domains).

If $\Omega_1 \vdash A$ type and $\mathrm{dom}(\Omega_1) = \mathrm{dom}(\Omega_2)$ then $\Omega_2 \vdash A$ type.

Proof. By induction on the given derivation. □


January 21, 2016 
D' Properties of Extension

Lemma 19 (Declaration Preservation). If $\Gamma \longrightarrow \Delta$ and u is declared in Γ, then u is declared in Δ.

Proof. By induction on the derivation of $\Gamma \longrightarrow \Delta$.

• Case →Id:

  This case is impossible, since by hypothesis u is declared in Γ.

• Case →Var:  $\dfrac{\Gamma \longrightarrow \Delta \qquad [\Delta]A = [\Delta]A'}{\Gamma, x : A \longrightarrow \Delta, x : A'}$

  - Case u = x: Immediate.

  - Case u ≠ x: Since u is declared in $(\Gamma, x : A)$, it is declared in Γ. By i.h., u is declared in Δ, and
    therefore declared in $(\Delta, x : A')$.

• Case →Uvar:  $\dfrac{\Gamma \longrightarrow \Delta}{\Gamma, \alpha : \kappa \longrightarrow \Delta, \alpha : \kappa}$

  Similar to the →Var case.

• Case →Unsolved:  $\dfrac{\Gamma \longrightarrow \Delta}{\Gamma, \hat\alpha : \kappa \longrightarrow \Delta, \hat\alpha : \kappa}$

  Similar to the →Var case.

• Case →Solved:  $\dfrac{\Gamma \longrightarrow \Delta \qquad [\Delta]\tau = [\Delta]\tau'}{\Gamma, \hat\alpha : \kappa = \tau \longrightarrow \Delta, \hat\alpha : \kappa = \tau'}$

  Similar to the →Var case.

• Case →Eqn:  $\dfrac{\Gamma \longrightarrow \Delta \qquad [\Delta]t = [\Delta]t'}{\Gamma, \alpha = t \longrightarrow \Delta, \alpha = t'}$

  It is given that u is declared in $(\Gamma, \alpha = t)$. Since $\alpha = t$ is not a declaration, u is declared in Γ.
  By i.h., u is declared in Δ, and therefore declared in $(\Delta, \alpha = t')$.

• Case →Marker:  $\dfrac{\Gamma \longrightarrow \Delta}{\Gamma, \blacktriangleright_{\hat\alpha} \longrightarrow \Delta, \blacktriangleright_{\hat\alpha}}$

  Similar to the →Eqn case.

• Case →Solve:  $\dfrac{\Gamma \longrightarrow \Delta}{\Gamma, \hat\beta : \kappa' \longrightarrow \Delta, \hat\beta : \kappa' = \tau}$

  Similar to the →Var case.

• Case →Add:  $\dfrac{\Gamma \longrightarrow \Delta}{\Gamma \longrightarrow \Delta, \hat\alpha : \kappa}$

  It is given that u is declared in Γ. By i.h., u is declared in Δ, and therefore declared in $(\Delta, \hat\alpha : \kappa)$.

• Case →AddSolved:  $\dfrac{\Gamma \longrightarrow \Delta}{\Gamma \longrightarrow \Delta, \hat\alpha : \kappa = \tau}$

  Similar to the →Add case.

□


Proof of Lemma 20 (Declaration Order Preservation)

Lemma 20 (Declaration Order Preservation). If $\Gamma \longrightarrow \Delta$ and u is declared to the left of v in Γ, then u is
declared to the left of v in Δ.

Proof. By induction on the derivation of $\Gamma \longrightarrow \Delta$.

• Case →Id:

  This case is impossible, since by hypothesis u and v are declared in Γ.

• Case →Var:  $\dfrac{\Gamma \longrightarrow \Delta \qquad [\Delta]A = [\Delta]A'}{\Gamma, x : A \longrightarrow \Delta, x : A'}$

  Consider whether v = x:

  - Case v = x:

    It is given that u is declared to the left of v in $(\Gamma, x : A)$, so u is declared in Γ.
    By Lemma 19 (Declaration Preservation), u is declared in Δ.
    Therefore u is declared to the left of v in $(\Delta, x : A')$.

  - Case v ≠ x:

    Here, v is declared in Γ. By i.h., u is declared to the left of v in Δ.
    Therefore u is declared to the left of v in $(\Delta, x : A')$.

• Case →Uvar:  $\dfrac{\Gamma \longrightarrow \Delta}{\Gamma, \alpha : \kappa \longrightarrow \Delta, \alpha : \kappa}$

  Similar to the →Var case.

• Case →Unsolved:  $\dfrac{\Gamma \longrightarrow \Delta}{\Gamma, \hat\alpha : \kappa \longrightarrow \Delta, \hat\alpha : \kappa}$

  Similar to the →Var case.

• Case →Solved:  $\dfrac{\Gamma \longrightarrow \Delta \qquad [\Delta]\tau = [\Delta]\tau'}{\Gamma, \hat\alpha : \kappa = \tau \longrightarrow \Delta, \hat\alpha : \kappa = \tau'}$

  Similar to the →Var case.

• Case →Solve:  $\dfrac{\Gamma \longrightarrow \Delta}{\Gamma, \hat\beta : \kappa' \longrightarrow \Delta, \hat\beta : \kappa' = \tau}$

  Similar to the →Var case.

• Case →Eqn:  $\dfrac{\Gamma \longrightarrow \Delta \qquad [\Delta]t = [\Delta]t'}{\Gamma, \alpha = t \longrightarrow \Delta, \alpha = t'}$

  The equation $\alpha = t$ does not declare any variables, so u and v must be declared in Γ.
  By i.h., u is declared to the left of v in Δ.
  Therefore u is declared to the left of v in $(\Delta, \alpha = t')$.

• Case →Marker:  $\dfrac{\Gamma \longrightarrow \Delta}{\Gamma, \blacktriangleright_{\hat\alpha} \longrightarrow \Delta, \blacktriangleright_{\hat\alpha}}$

  Similar to the →Eqn case.

• Case →Add:  $\dfrac{\Gamma \longrightarrow \Delta}{\Gamma \longrightarrow \Delta, \hat\alpha : \kappa}$

  By i.h., u is declared to the left of v in Δ.
  Therefore u is declared to the left of v in $(\Delta, \hat\alpha : \kappa)$.

• Case →AddSolved:  $\dfrac{\Gamma \longrightarrow \Delta}{\Gamma \longrightarrow \Delta, \hat\alpha : \kappa = \tau}$

  Similar to the →Add case.

□


Lemma 21 (Reverse Declaration Order Preservation). If $\Gamma \longrightarrow \Delta$ and u and v are both declared in Γ and
u is declared to the left of v in Δ, then u is declared to the left of v in Γ.

Proof. It is given that u and v are declared in Γ. Either u is declared to the left of v in Γ, or v is declared
to the left of u. Suppose the latter (for a contradiction). By Lemma 20 (Declaration Order Preservation),
v is declared to the left of u in Δ. But we know that u is declared to the left of v in Δ: contradiction.
Therefore u is declared to the left of v in Γ. □

Lemma 22 (Extension Inversion).

(i) If $\mathcal{D} :: \Gamma_0, \alpha : \kappa, \Gamma_1 \longrightarrow \Delta$

  then there exist unique $\Delta_0$ and $\Delta_1$

  such that $\Delta = (\Delta_0, \alpha : \kappa, \Delta_1)$ and $\mathcal{D}' :: \Gamma_0 \longrightarrow \Delta_0$ where $\mathcal{D}' < \mathcal{D}$.

  Moreover, if $\Gamma_1$ is soft, then $\Delta_1$ is soft.

(ii) If $\mathcal{D} :: \Gamma_0, \blacktriangleright_u, \Gamma_1 \longrightarrow \Delta$

  then there exist unique $\Delta_0$ and $\Delta_1$

  such that $\Delta = (\Delta_0, \blacktriangleright_u, \Delta_1)$ and $\mathcal{D}' :: \Gamma_0 \longrightarrow \Delta_0$ where $\mathcal{D}' < \mathcal{D}$.

  Moreover, if $\Gamma_1$ is soft, then $\Delta_1$ is soft.

  Moreover, if $\mathrm{dom}(\Gamma_0, \blacktriangleright_u, \Gamma_1) = \mathrm{dom}(\Delta)$ then $\mathrm{dom}(\Gamma_0) = \mathrm{dom}(\Delta_0)$.

(iii) If $\mathcal{D} :: \Gamma_0, \alpha = \tau, \Gamma_1 \longrightarrow \Delta$

  then there exist unique $\Delta_0$, $\tau'$, and $\Delta_1$

  such that $\Delta = (\Delta_0, \alpha = \tau', \Delta_1)$ and $\mathcal{D}' :: \Gamma_0 \longrightarrow \Delta_0$ and $[\Delta_0]\tau = [\Delta_0]\tau'$ where $\mathcal{D}' < \mathcal{D}$.

(iv) If $\mathcal{D} :: \Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1 \longrightarrow \Delta$

  then there exist unique $\Delta_0$, $\tau'$, and $\Delta_1$

  such that $\Delta = (\Delta_0, \hat\alpha : \kappa = \tau', \Delta_1)$ and $\mathcal{D}' :: \Gamma_0 \longrightarrow \Delta_0$ and $[\Delta_0]\tau = [\Delta_0]\tau'$ where $\mathcal{D}' < \mathcal{D}$.

(v) If $\mathcal{D} :: \Gamma_0, x : A, \Gamma_1 \longrightarrow \Delta$

  then there exist unique $\Delta_0$, $A'$, and $\Delta_1$

  such that $\Delta = (\Delta_0, x : A', \Delta_1)$ and $\mathcal{D}' :: \Gamma_0 \longrightarrow \Delta_0$ and $[\Delta_0]A = [\Delta_0]A'$ where $\mathcal{D}' < \mathcal{D}$.

  Moreover, if $\Gamma_1$ is soft, then $\Delta_1$ is soft.

  Moreover, if $\mathrm{dom}(\Gamma_0, x : A, \Gamma_1) = \mathrm{dom}(\Delta)$ then $\mathrm{dom}(\Gamma_0) = \mathrm{dom}(\Delta_0)$.

(vi) If $\mathcal{D} :: \Gamma_0, \hat\alpha : \kappa, \Gamma_1 \longrightarrow \Delta$ then either

  • there exist unique $\Delta_0$, $\tau'$, and $\Delta_1$

    such that $\Delta = (\Delta_0, \hat\alpha : \kappa = \tau', \Delta_1)$ and $\mathcal{D}' :: \Gamma_0 \longrightarrow \Delta_0$ where $\mathcal{D}' < \mathcal{D}$,

  or

  • there exist unique $\Delta_0$ and $\Delta_1$

    such that $\Delta = (\Delta_0, \hat\alpha : \kappa, \Delta_1)$ and $\mathcal{D}' :: \Gamma_0 \longrightarrow \Delta_0$ where $\mathcal{D}' < \mathcal{D}$.

Proof. In each part, we proceed by induction on the derivation of $\Gamma_0, \ldots, \Gamma_1 \longrightarrow \Delta$.

Note that in each part, the →Id case is impossible.

Throughout this proof, we shadow Δ so that it refers to the largest proper prefix of the Δ in the
statement of the lemma. For example, in the →Var case of part (i), we really have $\Delta = (\Delta_{00}, x : A')$,
but we call $\Delta_{00}$ "Δ".

Proof of Lemma 22 (Extension Inversion)

(i) We have $\Gamma_0, \alpha : \kappa, \Gamma_1 \longrightarrow \Delta$.

• Case →Var:  $\dfrac{\Gamma \longrightarrow \Delta \qquad [\Delta]A = [\Delta]A'}{\Gamma, x : A \longrightarrow \Delta, x : A'}$  where $(\Gamma, x : A) = (\Gamma_0, \alpha : \kappa, \Gamma_1)$

    $(\Gamma, x : A) = (\Gamma_0, \alpha : \kappa, \Gamma_1)$   Given
    $\phantom{(\Gamma, x : A)} = (\Gamma_0, \alpha : \kappa, \Gamma_1', x : A)$   Since the last element must be equal
    $(\Gamma, x : A) = (\Gamma_0, \alpha : \kappa, \Gamma_1', x : A)$   By transitivity
    $\Gamma = (\Gamma_0, \alpha : \kappa, \Gamma_1')$   By injectivity of syntax
    $\Gamma \longrightarrow \Delta$   Subderivation
    $\Gamma_0, \alpha : \kappa, \Gamma_1' \longrightarrow \Delta$   By equality
    $\Delta = (\Delta_0, \alpha : \kappa, \Delta_1)$   By i.h.
  ☞ $\Gamma_0 \longrightarrow \Delta_0$   ″
    if $\Gamma_1'$ soft then $\Delta_1$ soft   ″
  ☞ $(\Delta, x : A') = (\Delta_0, \alpha : \kappa, \Delta_1, x : A')$   By congruence
  ☞ if $\Gamma_1', x : A$ soft then $\Delta_1, x : A'$ soft   Since $\Gamma_1', x : A$ is not soft

• Case →Uvar:  $\dfrac{\Gamma \longrightarrow \Delta}{\Gamma, \beta : \kappa' \longrightarrow \Delta, \beta : \kappa'}$  where $(\Gamma, \beta : \kappa') = (\Gamma_0, \alpha : \kappa, \Gamma_1)$

  There are two cases:

  - Case $\alpha : \kappa = \beta : \kappa'$:

    ☞ $(\Gamma, \alpha : \kappa) = (\Gamma_0, \alpha : \kappa, \Gamma_1)$   where $\Gamma_0 = \Gamma$ and $\Gamma_1 = \cdot$
    ☞ $(\Delta, \alpha : \kappa) = (\Delta_0, \alpha : \kappa, \Delta_1)$   where $\Delta_0 = \Delta$ and $\Delta_1 = \cdot$
    ☞ if $\Gamma_1$ soft then $\Delta_1$ soft   since $\cdot$ is soft

  - Case $\alpha \neq \beta$:

      $(\Gamma, \beta : \kappa') = (\Gamma_0, \alpha : \kappa, \Gamma_1)$   Given
      $\phantom{(\Gamma, \beta : \kappa')} = (\Gamma_0, \alpha : \kappa, \Gamma_1', \beta : \kappa')$   Since the last element must be equal
      $\Gamma = (\Gamma_0, \alpha : \kappa, \Gamma_1')$   By injectivity of syntax
      $\Gamma \longrightarrow \Delta$   Subderivation
      $\Gamma_0, \alpha : \kappa, \Gamma_1' \longrightarrow \Delta$   By equality
      $\Delta = (\Delta_0, \alpha : \kappa, \Delta_1)$   By i.h.
    ☞ $\Gamma_0 \longrightarrow \Delta_0$   ″
      if $\Gamma_1'$ soft then $\Delta_1$ soft   ″
    ☞ $(\Delta, \beta : \kappa') = (\Delta_0, \alpha : \kappa, \Delta_1, \beta : \kappa')$   By congruence
    ☞ if $\Gamma_1', \beta : \kappa'$ soft then $\Delta_1, \beta : \kappa'$ soft   Since $\Gamma_1', \beta : \kappa'$ is not soft

• Case →Unsolved:  $\dfrac{\Gamma \longrightarrow \Delta}{\Gamma, \hat\alpha : \kappa' \longrightarrow \Delta, \hat\alpha : \kappa'}$  where $(\Gamma, \hat\alpha : \kappa') = (\Gamma_0, \alpha : \kappa, \Gamma_1)$

    $(\Gamma, \hat\alpha : \kappa') = (\Gamma_0, \alpha : \kappa, \Gamma_1)$   Given
    $\phantom{(\Gamma, \hat\alpha : \kappa')} = (\Gamma_0, \alpha : \kappa, \Gamma_1', \hat\alpha : \kappa')$   Since the last element must be equal
    $\Gamma = (\Gamma_0, \alpha : \kappa, \Gamma_1')$   By injectivity of syntax
    $\Gamma \longrightarrow \Delta$   Subderivation
    $\Gamma_0, \alpha : \kappa, \Gamma_1' \longrightarrow \Delta$   By equality
    $\Delta = (\Delta_0, \alpha : \kappa, \Delta_1)$   By i.h.
  ☞ $\Gamma_0 \longrightarrow \Delta_0$   ″
    if $\Gamma_1'$ soft then $\Delta_1$ soft   ″
  ☞ $(\Delta, \hat\alpha : \kappa') = (\Delta_0, \alpha : \kappa, \Delta_1, \hat\alpha : \kappa')$   By congruence

  Suppose $\Gamma_1', \hat\alpha : \kappa'$ soft.

    $\Gamma_1'$ soft   By definition of softness
    $\Delta_1$ soft   By induction
    $\Delta_1, \hat\alpha : \kappa'$ soft   By definition of softness
  ☞ if $\Gamma_1', \hat\alpha : \kappa'$ soft then $\Delta_1, \hat\alpha : \kappa'$ soft   Implication introduction

• Case →Solved:  $\dfrac{\Gamma \longrightarrow \Delta \qquad [\Delta]\tau = [\Delta]\tau'}{\Gamma, \hat\alpha : \kappa' = \tau \longrightarrow \Delta, \hat\alpha : \kappa' = \tau'}$  where $(\Gamma, \hat\alpha : \kappa' = \tau) = (\Gamma_0, \alpha : \kappa, \Gamma_1)$

  Similar to the →Unsolved case.

• Case →Eqn:  $\dfrac{\Gamma \longrightarrow \Delta \qquad [\Delta]t = [\Delta]t'}{\Gamma, \beta = t \longrightarrow \Delta, \beta = t'}$  where $(\Gamma, \beta = t) = (\Gamma_0, \alpha : \kappa, \Gamma_1)$

    $(\Gamma, \beta = t) = (\Gamma_0, \alpha : \kappa, \Gamma_1)$   Given
    $\phantom{(\Gamma, \beta = t)} = (\Gamma_0, \alpha : \kappa, \Gamma_1', \beta = t)$   Since the last element must be equal
    $\Gamma = (\Gamma_0, \alpha : \kappa, \Gamma_1')$   By injectivity of syntax
    $\Gamma \longrightarrow \Delta$   Subderivation
    $\Gamma_0, \alpha : \kappa, \Gamma_1' \longrightarrow \Delta$   By equality
    $\Delta = (\Delta_0, \alpha : \kappa, \Delta_1)$   By i.h.
  ☞ $\Gamma_0 \longrightarrow \Delta_0$   ″
    if $\Gamma_1'$ soft then $\Delta_1$ soft   ″
  ☞ $(\Delta, \beta = t') = (\Delta_0, \alpha : \kappa, \Delta_1, \beta = t')$   By congruence
  ☞ if $\Gamma_1', \beta = t$ soft then $\Delta_1, \beta = t'$ soft   Since $\Gamma_1', \beta = t$ is not soft

• Case →Marker:  $\dfrac{\Gamma \longrightarrow \Delta}{\Gamma, \blacktriangleright_{\hat\alpha} \longrightarrow \Delta, \blacktriangleright_{\hat\alpha}}$  where $(\Gamma, \blacktriangleright_{\hat\alpha}) = (\Gamma_0, \alpha : \kappa, \Gamma_1)$

    $(\Gamma, \blacktriangleright_{\hat\alpha}) = (\Gamma_0, \alpha : \kappa, \Gamma_1)$   Given
    $\phantom{(\Gamma, \blacktriangleright_{\hat\alpha})} = (\Gamma_0, \alpha : \kappa, \Gamma_1', \blacktriangleright_{\hat\alpha})$   Since the last element must be equal
    $\Gamma = (\Gamma_0, \alpha : \kappa, \Gamma_1')$   By injectivity of syntax
    $\Gamma \longrightarrow \Delta$   Subderivation
    $\Gamma_0, \alpha : \kappa, \Gamma_1' \longrightarrow \Delta$   By equality
    $\Delta = (\Delta_0, \alpha : \kappa, \Delta_1)$   By i.h.
  ☞ $\Gamma_0 \longrightarrow \Delta_0$   ″
    if $\Gamma_1'$ soft then $\Delta_1$ soft   ″
  ☞ $(\Delta, \blacktriangleright_{\hat\alpha}) = (\Delta_0, \alpha : \kappa, \Delta_1, \blacktriangleright_{\hat\alpha})$   By congruence
  ☞ if $\Gamma_1', \blacktriangleright_{\hat\alpha}$ soft then $\Delta_1, \blacktriangleright_{\hat\alpha}$ soft   Since $\Gamma_1', \blacktriangleright_{\hat\alpha}$ is not soft

• Case →Add:  $\dfrac{\Gamma \longrightarrow \Delta}{\Gamma \longrightarrow \Delta, \hat\alpha : \kappa'}$  where $\Gamma = (\Gamma_0, \alpha : \kappa, \Gamma_1)$

    $\Delta = (\Delta_0, \alpha : \kappa, \Delta_1)$   By i.h.
  ☞ $\Gamma_0 \longrightarrow \Delta_0$   ″
    if $\Gamma_1$ soft then $\Delta_1$ soft   ″
  ☞ $(\Delta, \hat\alpha : \kappa') = (\Delta_0, \alpha : \kappa, \Delta_1, \hat\alpha : \kappa')$   By congruence of equality

  Suppose $\Gamma_1$ soft.

    $\Delta_1$ soft   By i.h.
    $\Delta_1, \hat\alpha : \kappa'$ soft   By definition of softness
  ☞ if $\Gamma_1$ soft then $\Delta_1, \hat\alpha : \kappa'$ soft   Implication introduction

• Case →AddSolved:  $\dfrac{\Gamma \longrightarrow \Delta}{\Gamma \longrightarrow \Delta, \hat\alpha : \kappa' = \tau}$  where $\Gamma = (\Gamma_0, \alpha : \kappa, \Gamma_1)$

    $\Delta = (\Delta_0, \alpha : \kappa, \Delta_1)$   By i.h.
  ☞ $\Gamma_0 \longrightarrow \Delta_0$   ″
    if $\Gamma_1$ soft then $\Delta_1$ soft   ″
  ☞ $(\Delta, \hat\alpha : \kappa' = \tau) = (\Delta_0, \alpha : \kappa, \Delta_1, \hat\alpha : \kappa' = \tau)$   By congruence of equality

  Suppose $\Gamma_1$ soft.

    $\Delta_1$ soft   By i.h.
    $(\Delta_1, \hat\alpha : \kappa' = \tau)$ soft   By definition of softness
  ☞ if $\Gamma_1$ soft then $\Delta_1, \hat\alpha : \kappa' = \tau$ soft   Implication introduction

• Case →Solve:  $\dfrac{\Gamma \longrightarrow \Delta}{\Gamma, \hat\beta : \kappa' \longrightarrow \Delta, \hat\beta : \kappa' = \tau}$  where $(\Gamma, \hat\beta : \kappa') = (\Gamma_0, \alpha : \kappa, \Gamma_1)$

    $(\Gamma, \hat\beta : \kappa') = (\Gamma_0, \alpha : \kappa, \Gamma_1)$   Given
    $\phantom{(\Gamma, \hat\beta : \kappa')} = (\Gamma_0, \alpha : \kappa, \Gamma_1', \hat\beta : \kappa')$   Since the final elements are equal
    $\Gamma = (\Gamma_0, \alpha : \kappa, \Gamma_1')$   By injectivity of context syntax
    $\Gamma \longrightarrow \Delta$   Subderivation
    $\Gamma_0, \alpha : \kappa, \Gamma_1' \longrightarrow \Delta$   By equality
    $\Delta = (\Delta_0, \alpha : \kappa, \Delta_1)$   By i.h.
  ☞ $\Gamma_0 \longrightarrow \Delta_0$   ″
    if $\Gamma_1'$ soft then $\Delta_1$ soft   ″
  ☞ $(\Delta, \hat\beta : \kappa' = \tau) = (\Delta_0, \alpha : \kappa, \Delta_1, \hat\beta : \kappa' = \tau)$   By congruence

  Suppose $\Gamma_1', \hat\beta : \kappa'$ soft.

    $\Gamma_1'$ soft   By definition of softness
    $\Delta_1$ soft   Using i.h.
    $\Delta_1, \hat\beta : \kappa' = \tau$ soft   By definition of softness
  ☞ if $\Gamma_1', \hat\beta : \kappa'$ soft then $\Delta_1, \hat\beta : \kappa' = \tau$ soft   Implication introduction

(ii) We have $\Gamma_0, \blacktriangleright_u, \Gamma_1 \longrightarrow \Delta$. This part is similar to part (i) above, except for "if $\mathrm{dom}(\Gamma_0, \blacktriangleright_u, \Gamma_1) =
\mathrm{dom}(\Delta)$ then $\mathrm{dom}(\Gamma_0) = \mathrm{dom}(\Delta_0)$", which follows by i.h. in most cases. In the →Marker case,
either we have $\ldots, \blacktriangleright_{u'}$ where $u' \neq u$, in which case the i.h. gives us what we need, or we have
a matching $\blacktriangleright_u$. In this latter case, we have $\Gamma_1 = \cdot$. We know that $\mathrm{dom}(\Gamma_0, \blacktriangleright_u, \Gamma_1) = \mathrm{dom}(\Delta)$ and
$\Delta = (\Delta_0, \blacktriangleright_u)$. Since $\Gamma_1 = \cdot$, we have $\mathrm{dom}(\Gamma_0, \blacktriangleright_u) = \mathrm{dom}(\Delta_0, \blacktriangleright_u)$. Therefore $\mathrm{dom}(\Gamma_0) = \mathrm{dom}(\Delta_0)$.

(iii) We have $\Gamma_0, \alpha = \tau, \Gamma_1 \longrightarrow \Delta$.
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• Case p ^ ^ 

t r I — >Uvarl 

HP : k' — » A,P : k ' 

ro,a=T,r r 

(r 0 ,a = T,r 1 ) = (r,p:K') 

= (r 0 ,cx = T,r;,p : k') 
r = (r 0 ,a = T,r;) 

A= (Ao, a = t', A, ) 

«*■ [A 0 ]t = [A 0 ]t' 

*»■ r 0 — > a 0 

W (A, P : k') = (Ao, a = t', Ai , P : k') 

• Case r — > A [A] A = [A] A' 

7 — I — >Varl 

r, x : A — > A, x : A 

r 0 l a=T,r, 

Similar to the l — >Uvarl case. 

• Case p ^ ^ 

E — >Markerl 


r, ►& > A, 

Similar to the l — >Uvarl case. 
• Case r 


A 


h ft : k' — > A, ft : k 
Similar to the l — >Uvarl case. 


- 1 — >Unsolvedl 


Given 

Since the final elements must be equal 
By injectivity of context syntax 

By i.h. 

n 

n 

By congruence of equality 


• Case 


A [A]t = [A]t' 


r,ft: k' =t 

— * A, ft : k 

ro,ct=T,r, 


Similar to the| — s 

Uvarlcase. 

• Case p 

— > A 

rj:< - 

-» A,fl : k' = 

r 0 ) a=T,r, 


Similar to the| — ) 

Uvarlcase. 

• Case p ^ ^ 

[A]t = [Alt' 

r, P = t - 

-» A,p = t' 

r 0 ,a=T,r, 



- 1 — >Solvedl 


- 1 — >Solvel 


There are two cases: 


- Case a = p : 

x = t and F i = • and Fo = V 

**■ r 0 — > a 0 

(A, a = t') = (Ao, a = t', A] ) 

•s- [A 0 ]t = [A 0 ]t' 

- Case a ^ p: 

(r 0 ,a = T,r 1 ) = (r, p = t) 

= (r 0 ,a = T, r;,p =t) 
r = (r 0 ,a = T,r 1 ') 


By injectivity of syntax 
Subderivation (Fo = F and let Ao = A) 
where A] = • 

By premise [A]t = [Alt' 

Given 

Since the final elements must be equal 
By injectivity of context syntax 


A = (A 0 , a = t', Ai ) By i.h. 

«■ [A 0 ]t = [A 0 ]t' 

«■ F 0 — > A 0 

»s- (A, P = t') = (Ao, a = t', Ai , p = t') By congruence of equality 
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• Case 



A, & : k 


~ l — >Add| 


r 0 ,a=T,ri 


A = (A 0 ,a = x',Ai) 

•s- [A 0 ]t = [A 0 ]t' 

**■ r 0 — > a 0 

•s- (A, & : k') = (Aq, a = t', Ai, & : k') 


By i.h. 

n 

n 

By congruence of equality 


• Case 


A 

A, & : k' = t 


I — >AddSolvedl 


r 0 ,a=T,r 1 


A = (A 0 , a = x', Ai ) By i.h. 

«■ [A 0 ]t = [A 0 ]t' 

«*• r 0 — i a 0 " 

•s- (A, a : k' = t) = (Ao, a = x\ Ai , a : k' = t) By congruence of equality 


(iv) We have $\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1 \longrightarrow \Delta$.

• Case →Uvar: from $\Gamma \longrightarrow \Delta$ conclude $\Gamma, \beta : \kappa' \longrightarrow \Delta, \beta : \kappa'$, where $(\Gamma, \beta : \kappa') = (\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1)$.

  $(\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1) = (\Gamma, \beta : \kappa')$    Given
  $= (\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1', \beta : \kappa')$    Since the final elements must be equal
  $\Gamma = (\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1')$    By injectivity of context syntax
  $\Delta = (\Delta_0, \hat\alpha : \kappa = \tau', \Delta_1)$    By i.h.
  ☞ $[\Delta_0]\tau = [\Delta_0]\tau'$    ″
  ☞ $\Gamma_0 \longrightarrow \Delta_0$    ″
  ☞ $(\Delta, \beta : \kappa') = (\Delta_0, \hat\alpha : \kappa = \tau', \Delta_1, \beta : \kappa')$    By congruence of equality

• Case →Var: from $\Gamma \longrightarrow \Delta$ and $[\Delta]A = [\Delta]A'$ conclude $\Gamma, x : A \longrightarrow \Delta, x : A'$, where $\Gamma = (\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1)$.
  Similar to the →Uvar case.

• Case →Marker: from $\Gamma \longrightarrow \Delta$ conclude $\Gamma, \blacktriangleright_{\hat\beta} \longrightarrow \Delta, \blacktriangleright_{\hat\beta}$.
  Similar to the →Uvar case.

• Case →Unsolved: from $\Gamma \longrightarrow \Delta$ conclude $\Gamma, \hat\beta : \kappa' \longrightarrow \Delta, \hat\beta : \kappa'$.
  Similar to the →Uvar case.

• Case →Solved: from $\Gamma \longrightarrow \Delta$ and $[\Delta]\sigma = [\Delta]\sigma'$ conclude $\Gamma, \hat\beta : \kappa' = \sigma \longrightarrow \Delta, \hat\beta : \kappa' = \sigma'$, where $(\Gamma, \hat\beta : \kappa' = \sigma) = (\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1)$.

  There are two cases.

  - Case $\hat\alpha = \hat\beta$:
    $\kappa' = \kappa$ and $\sigma = \tau$ and $\Gamma_1 = \cdot$ and $\Gamma = \Gamma_0$    By injectivity of syntax
    ☞ $(\Delta, \hat\beta : \kappa' = \sigma') = (\Delta_0, \hat\beta : \kappa' = \tau', \Delta_1)$    where $\tau' = \sigma'$ and $\Delta_1 = \cdot$ and $\Delta = \Delta_0$
    ☞ $\Gamma_0 \longrightarrow \Delta_0$    From subderivation $\Gamma \longrightarrow \Delta$
    ☞ $[\Delta_0]\tau = [\Delta_0]\tau'$    From premise $[\Delta]\sigma = [\Delta]\sigma'$

  - Case $\hat\alpha \neq \hat\beta$:
    $(\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1) = (\Gamma, \hat\beta : \kappa' = \sigma)$    Given
    $= (\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1', \hat\beta : \kappa' = \sigma)$    Since the final elements must be equal
    $\Gamma = (\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1')$    By injectivity of context syntax
    $\Delta = (\Delta_0, \hat\alpha : \kappa = \tau', \Delta_1)$    By i.h.
    ☞ $[\Delta_0]\tau = [\Delta_0]\tau'$    ″
    ☞ $\Gamma_0 \longrightarrow \Delta_0$    ″
    ☞ $(\Delta, \hat\beta : \kappa' = \sigma') = (\Delta_0, \hat\alpha : \kappa = \tau', \Delta_1, \hat\beta : \kappa' = \sigma')$    By congruence of equality

• Case →Eqn: from $\Gamma \longrightarrow \Delta$ and $[\Delta]\sigma = [\Delta]\sigma'$ conclude $\Gamma, \beta = \sigma \longrightarrow \Delta, \beta = \sigma'$, where $(\Gamma, \beta = \sigma) = (\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1)$.

  $(\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1) = (\Gamma, \beta = \sigma)$    Given
  $= (\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1', \beta = \sigma)$    Since the final elements must be equal
  $\Gamma = (\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1')$    By injectivity of context syntax
  $\Delta = (\Delta_0, \hat\alpha : \kappa = \tau', \Delta_1)$    By i.h.
  $[\Delta_0]\tau = [\Delta_0]\tau'$    ″
  $\Gamma_0 \longrightarrow \Delta_0$    ″
  $(\Delta, \beta = \sigma') = (\Delta_0, \hat\alpha : \kappa = \tau', \Delta_1, \beta = \sigma')$    By congruence of equality

• Case →Add: from $\Gamma \longrightarrow \Delta$ conclude $\Gamma \longrightarrow \Delta, \hat\beta : \kappa'$, where $\Gamma = (\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1)$.

  $\Delta = (\Delta_0, \hat\alpha : \kappa = \tau', \Delta_1)$    By i.h.
  ☞ $[\Delta_0]\tau = [\Delta_0]\tau'$    ″
  ☞ $\Gamma_0 \longrightarrow \Delta_0$    ″
  ☞ $(\Delta, \hat\beta : \kappa') = (\Delta_0, \hat\alpha : \kappa = \tau', \Delta_1, \hat\beta : \kappa')$    By congruence of equality

• Case →AddSolved: from $\Gamma \longrightarrow \Delta$ conclude $\Gamma \longrightarrow \Delta, \hat\beta : \kappa' = \sigma$, where $\Gamma = (\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1)$.

  $\Delta = (\Delta_0, \hat\alpha : \kappa = \tau', \Delta_1)$    By i.h.
  ☞ $[\Delta_0]\tau = [\Delta_0]\tau'$    ″
  ☞ $\Gamma_0 \longrightarrow \Delta_0$    ″
  ☞ $(\Delta, \hat\beta : \kappa' = \sigma) = (\Delta_0, \hat\alpha : \kappa = \tau', \Delta_1, \hat\beta : \kappa' = \sigma)$    By congruence of equality

• Case →Solve: from $\Gamma \longrightarrow \Delta$ conclude $\Gamma, \hat\beta : \kappa' \longrightarrow \Delta, \hat\beta : \kappa' = \sigma$, where $(\Gamma, \hat\beta : \kappa') = (\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1)$.

  $(\Gamma, \hat\beta : \kappa') = (\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1)$    Given
  $= (\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1', \hat\beta : \kappa')$    Since the last elements must be equal
  $\Gamma = (\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1')$    By injectivity of syntax

  $\Gamma \longrightarrow \Delta$    Subderivation
  $\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1' \longrightarrow \Delta$    By equality
  $\Delta = (\Delta_0, \hat\alpha : \kappa = \tau', \Delta_1)$    By i.h.
  ☞ $[\Delta_0]\tau = [\Delta_0]\tau'$    ″
  ☞ $\Gamma_0 \longrightarrow \Delta_0$    ″
  ☞ $(\Delta, \hat\beta : \kappa' = \sigma) = (\Delta_0, \hat\alpha : \kappa = \tau', \Delta_1, \hat\beta : \kappa' = \sigma)$    By congruence of equality
(v) We have $\Gamma_0, x : A, \Gamma_1 \longrightarrow \Delta$. This proof is similar to the proof of part (i), except for the domain condition, which we handle similarly to part (ii).
(vi) We have $\Gamma_0, \hat\alpha : \kappa, \Gamma_1 \longrightarrow \Delta$.

• Case →Uvar: from $\Gamma \longrightarrow \Delta$ conclude $\Gamma, \beta : \kappa' \longrightarrow \Delta, \beta : \kappa'$, where $(\Gamma, \beta : \kappa') = (\Gamma_0, \hat\alpha : \kappa, \Gamma_1)$.

  $(\Gamma_0, \hat\alpha : \kappa, \Gamma_1) = (\Gamma, \beta : \kappa')$    Given
  $= (\Gamma_0, \hat\alpha : \kappa, \Gamma_1', \beta : \kappa')$    Since the final elements must be equal
  $\Gamma = (\Gamma_0, \hat\alpha : \kappa, \Gamma_1')$    By injectivity of context syntax

  By induction, there are two possibilities:

  - $\hat\alpha$ is not solved:
    $\Delta = (\Delta_0, \hat\alpha : \kappa, \Delta_1)$    By i.h.
    ☞ $\Gamma_0 \longrightarrow \Delta_0$    ″
    ☞ $(\Delta, \beta : \kappa') = (\Delta_0, \hat\alpha : \kappa, \Delta_1, \beta : \kappa')$    By congruence of equality

  - $\hat\alpha$ is solved:
    $\Delta = (\Delta_0, \hat\alpha : \kappa = \tau', \Delta_1)$    By i.h.
    ☞ $\Gamma_0 \longrightarrow \Delta_0$    ″
    ☞ $(\Delta, \beta : \kappa') = (\Delta_0, \hat\alpha : \kappa = \tau', \Delta_1, \beta : \kappa')$    By congruence of equality

• Case →Var: from $\Gamma \longrightarrow \Delta$ and $[\Delta]A = [\Delta]A'$ conclude $\Gamma, x : A \longrightarrow \Delta, x : A'$, where $\Gamma = (\Gamma_0, \hat\alpha : \kappa, \Gamma_1)$.
  Similar to the →Uvar case.

• Case →Marker: from $\Gamma \longrightarrow \Delta$ conclude $\Gamma, \blacktriangleright_{\hat\beta} \longrightarrow \Delta, \blacktriangleright_{\hat\beta}$.
  Similar to the →Uvar case.

• Case →Eqn: from $\Gamma \longrightarrow \Delta$ and $[\Delta]\tau = [\Delta]\tau'$ conclude $\Gamma, \beta = \tau \longrightarrow \Delta, \beta = \tau'$.
  Similar to the →Uvar case.

• Case →Solved: from $\Gamma \longrightarrow \Delta$ and $[\Delta]\tau = [\Delta]\tau'$ conclude $\Gamma, \hat\beta : \kappa' = \tau \longrightarrow \Delta, \hat\beta : \kappa' = \tau'$.
  Similar to the →Uvar case.

• Case →Unsolved: from $\Gamma \longrightarrow \Delta$ conclude $\Gamma, \hat\beta : \kappa' \longrightarrow \Delta, \hat\beta : \kappa'$, where $(\Gamma, \hat\beta : \kappa') = (\Gamma_0, \hat\alpha : \kappa, \Gamma_1)$.

  - Case $\hat\alpha \neq \hat\beta$:
    $(\Gamma_0, \hat\alpha : \kappa, \Gamma_1) = (\Gamma, \hat\beta : \kappa')$    Given
    $= (\Gamma_0, \hat\alpha : \kappa, \Gamma_1', \hat\beta : \kappa')$    Since the final elements must be equal
    $\Gamma = (\Gamma_0, \hat\alpha : \kappa, \Gamma_1')$    By injectivity of context syntax

    By induction, there are two possibilities:

    * $\hat\alpha$ is not solved:
      $\Delta = (\Delta_0, \hat\alpha : \kappa, \Delta_1)$    By i.h.
      ☞ $\Gamma_0 \longrightarrow \Delta_0$    ″
      ☞ $(\Delta, \hat\beta : \kappa') = (\Delta_0, \hat\alpha : \kappa, \Delta_1, \hat\beta : \kappa')$    By congruence of equality

    * $\hat\alpha$ is solved:
      $\Delta = (\Delta_0, \hat\alpha : \kappa = \tau', \Delta_1)$    By i.h.
      ☞ $\Gamma_0 \longrightarrow \Delta_0$    ″
      ☞ $(\Delta, \hat\beta : \kappa') = (\Delta_0, \hat\alpha : \kappa = \tau', \Delta_1, \hat\beta : \kappa')$    By congruence of equality

Proof of Lemma 22 (Extension Inversion)    lem:extension-inversion

43

  - Case $\hat\alpha = \hat\beta$:
    $\kappa' = \kappa$ and $\Gamma_0 = \Gamma$ and $\Gamma_1 = \cdot$    By injectivity of syntax
    ☞ $(\Delta, \hat\beta : \kappa') = (\Delta_0, \hat\alpha : \kappa, \Delta_1)$    where $\Delta_0 = \Delta$ and $\Delta_1 = \cdot$
    ☞ $\Gamma_0 \longrightarrow \Delta_0$    From premise $\Gamma \longrightarrow \Delta$

• Case →Add: from $\Gamma \longrightarrow \Delta$ conclude $\Gamma \longrightarrow \Delta, \hat\beta : \kappa'$, where $\Gamma = (\Gamma_0, \hat\alpha : \kappa, \Gamma_1)$.

  By induction, there are two possibilities:

  - $\hat\alpha$ is not solved:
    $\Delta = (\Delta_0, \hat\alpha : \kappa, \Delta_1)$    By i.h.
    ☞ $\Gamma_0 \longrightarrow \Delta_0$    ″
    ☞ $(\Delta, \hat\beta : \kappa') = (\Delta_0, \hat\alpha : \kappa, \Delta_1, \hat\beta : \kappa')$    By congruence of equality

  - $\hat\alpha$ is solved:
    $\Delta = (\Delta_0, \hat\alpha : \kappa = \tau', \Delta_1)$    By i.h.
    ☞ $\Gamma_0 \longrightarrow \Delta_0$    ″
    ☞ $(\Delta, \hat\beta : \kappa') = (\Delta_0, \hat\alpha : \kappa = \tau', \Delta_1, \hat\beta : \kappa')$    By congruence of equality

• Case →AddSolved: from $\Gamma \longrightarrow \Delta$ conclude $\Gamma \longrightarrow \Delta, \hat\beta : \kappa' = \tau$, where $\Gamma = (\Gamma_0, \hat\alpha : \kappa, \Gamma_1)$.

  By induction, there are two possibilities:

  - $\hat\alpha$ is not solved:
    $\Delta = (\Delta_0, \hat\alpha : \kappa, \Delta_1)$    By i.h.
    ☞ $\Gamma_0 \longrightarrow \Delta_0$    ″
    ☞ $(\Delta, \hat\beta : \kappa' = \tau) = (\Delta_0, \hat\alpha : \kappa, \Delta_1, \hat\beta : \kappa' = \tau)$    By congruence of equality

  - $\hat\alpha$ is solved:
    $\Delta = (\Delta_0, \hat\alpha : \kappa = \tau', \Delta_1)$    By i.h.
    ☞ $\Gamma_0 \longrightarrow \Delta_0$    ″
    ☞ $(\Delta, \hat\beta : \kappa' = \tau) = (\Delta_0, \hat\alpha : \kappa = \tau', \Delta_1, \hat\beta : \kappa' = \tau)$    By congruence of equality

• Case →Solve: from $\Gamma \longrightarrow \Delta$ conclude $\Gamma, \hat\beta : \kappa' \longrightarrow \Delta, \hat\beta : \kappa' = \tau$, where $(\Gamma, \hat\beta : \kappa') = (\Gamma_0, \hat\alpha : \kappa, \Gamma_1)$.

  - Case $\hat\alpha \neq \hat\beta$:
    $(\Gamma_0, \hat\alpha : \kappa, \Gamma_1) = (\Gamma, \hat\beta : \kappa')$    Given
    $= (\Gamma_0, \hat\alpha : \kappa, \Gamma_1', \hat\beta : \kappa')$    Since the final elements must be equal
    $\Gamma = (\Gamma_0, \hat\alpha : \kappa, \Gamma_1')$    By injectivity of context syntax

    By induction, there are two possibilities:

    * $\hat\alpha$ is not solved:
      $\Delta = (\Delta_0, \hat\alpha : \kappa, \Delta_1)$    By i.h.
      ☞ $\Gamma_0 \longrightarrow \Delta_0$    ″
      ☞ $(\Delta, \hat\beta : \kappa' = \tau) = (\Delta_0, \hat\alpha : \kappa, \Delta_1, \hat\beta : \kappa' = \tau)$    By congruence of equality

    * $\hat\alpha$ is solved:
      $\Delta = (\Delta_0, \hat\alpha : \kappa = \tau', \Delta_1)$    By i.h.
      ☞ $\Gamma_0 \longrightarrow \Delta_0$    ″
      ☞ $(\Delta, \hat\beta : \kappa' = \tau) = (\Delta_0, \hat\alpha : \kappa = \tau', \Delta_1, \hat\beta : \kappa' = \tau)$    By congruence of equality

  - Case $\hat\alpha = \hat\beta$:
    $\Gamma = \Gamma_0$ and $\kappa = \kappa'$ and $\Gamma_1 = \cdot$    By injectivity of syntax
    ☞ $(\Delta, \hat\beta : \kappa' = \tau) = (\Delta_0, \hat\alpha : \kappa = \tau', \Delta_1)$    where $\Delta_0 = \Delta$ and $\tau' = \tau$ and $\Delta_1 = \cdot$
    ☞ $\Gamma_0 \longrightarrow \Delta_0$    From premise $\Gamma \longrightarrow \Delta$    □
Lemma 23 (Deep Evar Introduction).
(i) If $\Gamma_0, \Gamma_1$ is well-formed and $\hat\alpha$ is not declared in $\Gamma_0, \Gamma_1$ then $\Gamma_0, \Gamma_1 \longrightarrow \Gamma_0, \hat\alpha : \kappa, \Gamma_1$.

(ii) If $\Gamma_0, \hat\alpha : \kappa, \Gamma_1$ is well-formed and $\Gamma_0 \vdash \tau : \kappa$ then $\Gamma_0, \hat\alpha : \kappa, \Gamma_1 \longrightarrow \Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1$.

(iii) If $\Gamma_0, \Gamma_1$ is well-formed and $\Gamma_0 \vdash \tau : \kappa$ then $\Gamma_0, \Gamma_1 \longrightarrow \Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1$.

Proof.

(i) Assume that $\Gamma_0, \Gamma_1$ is well-formed. We proceed by induction on $\Gamma_1$.

• Case $\Gamma_1 = \cdot$:
  $\Gamma_0$ ctx    Given
  $\hat\alpha \notin \mathrm{dom}(\Gamma_0)$    Given
  $\Gamma_0, \hat\alpha : \kappa$ ctx    By rule VarCtx
  $\Gamma_0 \longrightarrow \Gamma_0$    By Lemma 32 (Extension Reflexivity)
  ☞ $\Gamma_0 \longrightarrow \Gamma_0, \hat\alpha : \kappa$    By rule →Add

• Case $\Gamma_1 = \Gamma_1', x : A$:
  $\Gamma_0, \Gamma_1', x : A$ ctx    Given
  $\Gamma_0, \Gamma_1'$ ctx    By inversion
  $x \notin \mathrm{dom}(\Gamma_0, \Gamma_1')$    By inversion (1)
  $\Gamma_0, \Gamma_1' \vdash A$ type    By inversion
  $\hat\alpha \notin \mathrm{dom}(\Gamma_0, \Gamma_1', x : A)$    Given
  $\hat\alpha \neq x$    By inversion (2)
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1'$ ctx    By i.h.
  $\Gamma_0, \Gamma_1' \longrightarrow \Gamma_0, \hat\alpha : \kappa, \Gamma_1'$    ″
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1' \vdash A$ type    By Lemma 36 (Extension Weakening (Sorts))
  $x \notin \mathrm{dom}(\Gamma_0, \hat\alpha : \kappa, \Gamma_1')$    By (1) and (2)
  ☞ $\Gamma_0, \Gamma_1', x : A \longrightarrow \Gamma_0, \hat\alpha : \kappa, \Gamma_1', x : A$    By →Var

• Case $\Gamma_1 = \Gamma_1', \beta : \kappa'$:
  $\Gamma_0, \Gamma_1', \beta : \kappa'$ ctx    Given
  $\Gamma_0, \Gamma_1'$ ctx    By inversion
  $\beta \notin \mathrm{dom}(\Gamma_0, \Gamma_1')$    By inversion (1)
  $\hat\alpha \notin \mathrm{dom}(\Gamma_0, \Gamma_1', \beta : \kappa')$    Given
  $\hat\alpha \neq \beta$    By inversion (2)
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1'$ ctx    By i.h.
  $\Gamma_0, \Gamma_1' \longrightarrow \Gamma_0, \hat\alpha : \kappa, \Gamma_1'$    ″
  $\beta \notin \mathrm{dom}(\Gamma_0, \hat\alpha : \kappa, \Gamma_1')$    By (1) and (2)
  ☞ $\Gamma_0, \Gamma_1', \beta : \kappa' \longrightarrow \Gamma_0, \hat\alpha : \kappa, \Gamma_1', \beta : \kappa'$    By →Uvar

• Case $\Gamma_1 = \Gamma_1', \hat\beta : \kappa'$:
  $\Gamma_0, \Gamma_1', \hat\beta : \kappa'$ ctx    Given
  $\Gamma_0, \Gamma_1'$ ctx    By inversion
  $\hat\beta \notin \mathrm{dom}(\Gamma_0, \Gamma_1')$    By inversion (1)
  $\hat\alpha \notin \mathrm{dom}(\Gamma_0, \Gamma_1', \hat\beta : \kappa')$    Given
  $\hat\alpha \neq \hat\beta$    By inversion (2)
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1'$ ctx    By i.h.
  $\Gamma_0, \Gamma_1' \longrightarrow \Gamma_0, \hat\alpha : \kappa, \Gamma_1'$    ″
  $\hat\beta \notin \mathrm{dom}(\Gamma_0, \hat\alpha : \kappa, \Gamma_1')$    By (1) and (2)
  ☞ $\Gamma_0, \Gamma_1', \hat\beta : \kappa' \longrightarrow \Gamma_0, \hat\alpha : \kappa, \Gamma_1', \hat\beta : \kappa'$    By →Unsolved

• Case $\Gamma_1 = (\Gamma_1', \hat\beta : \kappa' = \tau)$:
  $\Gamma_0, \Gamma_1', \hat\beta : \kappa' = \tau$ ctx    Given
  $\Gamma_0, \Gamma_1'$ ctx    By inversion
  $\hat\beta \notin \mathrm{dom}(\Gamma_0, \Gamma_1')$    By inversion (1)
  $\Gamma_0, \Gamma_1' \vdash \tau : \kappa'$    By inversion
  $\hat\alpha \notin \mathrm{dom}(\Gamma_0, \Gamma_1', \hat\beta : \kappa' = \tau)$    Given
  $\hat\alpha \neq \hat\beta$    By inversion (2)
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1'$ ctx    By i.h.
  $\Gamma_0, \Gamma_1' \longrightarrow \Gamma_0, \hat\alpha : \kappa, \Gamma_1'$    ″
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1' \vdash \tau : \kappa'$    By Lemma 36 (Extension Weakening (Sorts))
  $\hat\beta \notin \mathrm{dom}(\Gamma_0, \hat\alpha : \kappa, \Gamma_1')$    By (1) and (2)
  ☞ $\Gamma_0, \Gamma_1', \hat\beta : \kappa' = \tau \longrightarrow \Gamma_0, \hat\alpha : \kappa, \Gamma_1', \hat\beta : \kappa' = \tau$    By →Solved

• Case $\Gamma_1 = (\Gamma_1', \beta = \tau)$:
  $\Gamma_0, \Gamma_1', \beta = \tau$ ctx    Given
  $\Gamma_0, \Gamma_1'$ ctx    By inversion
  $\beta \notin \mathrm{dom}(\Gamma_0, \Gamma_1')$    By inversion (1)
  $\Gamma_0, \Gamma_1' \vdash \tau : \mathbb{N}$    By inversion
  $\hat\alpha \notin \mathrm{dom}(\Gamma_0, \Gamma_1', \beta = \tau)$    Given
  $\hat\alpha \neq \beta$    By inversion (2)
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1'$ ctx    By i.h.
  $\Gamma_0, \Gamma_1' \longrightarrow \Gamma_0, \hat\alpha : \kappa, \Gamma_1'$    ″
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1' \vdash \tau : \mathbb{N}$    By Lemma 36 (Extension Weakening (Sorts))
  $\beta \notin \mathrm{dom}(\Gamma_0, \hat\alpha : \kappa, \Gamma_1')$    By (1) and (2)
  ☞ $\Gamma_0, \Gamma_1', \beta = \tau \longrightarrow \Gamma_0, \hat\alpha : \kappa, \Gamma_1', \beta = \tau$    By →Eqn

• Case $\Gamma_1 = (\Gamma_1', \blacktriangleright_{\hat\beta})$:
  $\Gamma_0, \Gamma_1', \blacktriangleright_{\hat\beta}$ ctx    Given
  $\Gamma_0, \Gamma_1'$ ctx    By inversion
  $\hat\beta \notin \mathrm{dom}(\Gamma_0, \Gamma_1')$    By inversion (1)
  $\hat\alpha \notin \mathrm{dom}(\Gamma_0, \Gamma_1', \blacktriangleright_{\hat\beta})$    Given
  $\hat\alpha \neq \hat\beta$    By inversion (2)
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1'$ ctx    By i.h.
  $\Gamma_0, \Gamma_1' \longrightarrow \Gamma_0, \hat\alpha : \kappa, \Gamma_1'$    ″
  $\hat\beta \notin \mathrm{dom}(\Gamma_0, \hat\alpha : \kappa, \Gamma_1')$    By (1) and (2)
  ☞ $\Gamma_0, \Gamma_1', \blacktriangleright_{\hat\beta} \longrightarrow \Gamma_0, \hat\alpha : \kappa, \Gamma_1', \blacktriangleright_{\hat\beta}$    By →Marker

(ii) Assume $\Gamma_0, \hat\alpha : \kappa, \Gamma_1$ ctx. We proceed by induction on $\Gamma_1$:

• Case $\Gamma_1 = \cdot$:
  $\Gamma_0 \vdash \tau : \kappa$    Given
  $\Gamma_0, \Gamma_1$ ctx    Given
  $\Gamma_0$ ctx    Since $\Gamma_1 = \cdot$
  $\Gamma_0 \longrightarrow \Gamma_0$    By Lemma 32 (Extension Reflexivity)
  $\Gamma_0, \hat\alpha : \kappa \longrightarrow \Gamma_0, \hat\alpha : \kappa = \tau$    By rule →Solve
  ☞ $\Gamma_0, \hat\alpha : \kappa, \Gamma_1 \longrightarrow \Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1$    Since $\Gamma_1 = \cdot$

• Case $\Gamma_1 = (\Gamma_1', x : A)$:
  $\Gamma_0 \vdash \tau : \kappa$    Given
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1', x : A$ ctx    Given
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1'$ ctx    By inversion
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1' \vdash A$ type    By inversion
  $x \notin \mathrm{dom}(\Gamma_0, \hat\alpha : \kappa, \Gamma_1')$    By inversion (1)
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1' \longrightarrow \Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1'$    By i.h.
  $\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1' \vdash A$ type    By Lemma 36 (Extension Weakening (Sorts))
  $x \notin \mathrm{dom}(\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1')$    since this is the same domain as (1)
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1', x : A \longrightarrow \Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1', x : A$    By rule →Var

• Case $\Gamma_1 = (\Gamma_1', \beta : \kappa')$:
  $\Gamma_0 \vdash \tau : \kappa$    Given
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1', \beta : \kappa'$ ctx    Given
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1'$ ctx    By inversion
  $\beta \notin \mathrm{dom}(\Gamma_0, \hat\alpha : \kappa, \Gamma_1')$    By inversion (1)
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1' \longrightarrow \Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1'$    By i.h.
  $\beta \notin \mathrm{dom}(\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1')$    since this is the same domain as (1)
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1', \beta : \kappa' \longrightarrow \Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1', \beta : \kappa'$    By rule →Uvar

• Case $\Gamma_1 = (\Gamma_1', \hat\beta : \kappa')$:
  $\Gamma_0 \vdash \tau : \kappa$    Given
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1', \hat\beta : \kappa'$ ctx    Given
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1'$ ctx    By inversion
  $\hat\beta \notin \mathrm{dom}(\Gamma_0, \hat\alpha : \kappa, \Gamma_1')$    By inversion (1)
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1' \longrightarrow \Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1'$    By i.h.
  $\hat\beta \notin \mathrm{dom}(\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1')$    since this is the same domain as (1)
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1', \hat\beta : \kappa' \longrightarrow \Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1', \hat\beta : \kappa'$    By rule →Unsolved

• Case $\Gamma_1 = (\Gamma_1', \hat\beta : \kappa' = \tau')$:
  $\Gamma_0 \vdash \tau : \kappa$    Given
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1', \hat\beta : \kappa' = \tau'$ ctx    Given
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1'$ ctx    By inversion
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1' \vdash \tau' : \kappa'$    By inversion
  $\hat\beta \notin \mathrm{dom}(\Gamma_0, \hat\alpha : \kappa, \Gamma_1')$    By inversion (1)
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1' \longrightarrow \Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1'$    By i.h.
  $\hat\beta \notin \mathrm{dom}(\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1')$    since this is the same domain as (1)
  $\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1' \vdash \tau' : \kappa'$    By Lemma 36 (Extension Weakening (Sorts))
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1', \hat\beta : \kappa' = \tau' \longrightarrow \Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1', \hat\beta : \kappa' = \tau'$    By rule →Solved

• Case $\Gamma_1 = (\Gamma_1', \beta = \tau')$:
  $\Gamma_0 \vdash \tau : \kappa$    Given
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1', \beta = \tau'$ ctx    Given
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1'$ ctx    By inversion
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1' \vdash \tau' : \mathbb{N}$    By inversion
  $\beta \notin \mathrm{dom}(\Gamma_0, \hat\alpha : \kappa, \Gamma_1')$    By inversion (1)
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1' \longrightarrow \Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1'$    By i.h.
  $\beta \notin \mathrm{dom}(\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1')$    since this is the same domain as (1)
  $\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1' \vdash \tau' : \mathbb{N}$    By Lemma 36 (Extension Weakening (Sorts))
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1', \beta = \tau' \longrightarrow \Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1', \beta = \tau'$    By rule →Eqn

• Case $\Gamma_1 = (\Gamma_1', \blacktriangleright_{\hat\beta})$:
  $\Gamma_0 \vdash \tau : \kappa$    Given
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1', \blacktriangleright_{\hat\beta}$ ctx    Given
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1'$ ctx    By inversion
  $\hat\beta \notin \mathrm{dom}(\Gamma_0, \hat\alpha : \kappa, \Gamma_1')$    By inversion (1)
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1' \longrightarrow \Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1'$    By i.h.
  $\hat\beta \notin \mathrm{dom}(\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1')$    since this is the same domain as (1)
  $\Gamma_0, \hat\alpha : \kappa, \Gamma_1', \blacktriangleright_{\hat\beta} \longrightarrow \Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1', \blacktriangleright_{\hat\beta}$    By rule →Marker

(iii) Apply parts (i) and (ii) as lemmas, then Lemma 33 (Extension Transitivity).    □

January 21, 2016    D' Properties of Extension    47

Lemma 26 (Parallel Admissibility).

If $\Gamma_L \longrightarrow \Delta_L$ and $\Gamma_L, \Gamma_R \longrightarrow \Delta_L, \Delta_R$ then:

(i) $\Gamma_L, \hat\alpha : \kappa, \Gamma_R \longrightarrow \Delta_L, \hat\alpha : \kappa, \Delta_R$.

(ii) If $\Delta_L \vdash \tau' : \kappa$ then $\Gamma_L, \hat\alpha : \kappa, \Gamma_R \longrightarrow \Delta_L, \hat\alpha : \kappa = \tau', \Delta_R$.

(iii) If $\Gamma_L \vdash \tau : \kappa$ and $\Delta_L \vdash \tau'$ type and $[\Delta_L]\tau = [\Delta_L]\tau'$, then $\Gamma_L, \hat\alpha : \kappa = \tau, \Gamma_R \longrightarrow \Delta_L, \hat\alpha : \kappa = \tau', \Delta_R$.

Proof. By induction on $\Delta_R$. As always, we assume that all contexts mentioned in the statement of the lemma are well-formed. Hence, $\hat\alpha \notin \mathrm{dom}(\Gamma_L) \cup \mathrm{dom}(\Gamma_R) \cup \mathrm{dom}(\Delta_L) \cup \mathrm{dom}(\Delta_R)$.

(i) We proceed by cases of $\Delta_R$. Observe that in all the extension rules, the right-hand context gets smaller, so as we enter subderivations of $\Gamma_L, \Gamma_R \longrightarrow \Delta_L, \Delta_R$, the context $\Delta_R$ becomes smaller.

The only tricky part of the proof is that to apply the i.h., we need $\Gamma_L \longrightarrow \Delta_L$. So we need to make sure that as we drop items from the right of $\Gamma_R$ and $\Delta_R$, we don't go too far and start decomposing $\Gamma_L$ or $\Delta_L$! It's easy to avoid decomposing $\Delta_L$: when $\Delta_R = \cdot$, we don't need to apply the i.h. anyway. To avoid decomposing $\Gamma_L$, we need to reason by contradiction, using Lemma 19 (Declaration Preservation).

• Case $\Delta_R = \cdot$:
  We have $\Gamma_L \longrightarrow \Delta_L$. Applying →Unsolved to that derivation gives the result.

• Case $\Delta_R = (\Delta_R', \hat\beta)$: We have $\hat\beta \neq \hat\alpha$ by the well-formedness assumption.
  The concluding rule of $\Gamma_L, \Gamma_R \longrightarrow \Delta_L, \Delta_R', \hat\beta$ must have been →Unsolved or →Add. In both cases, the result follows by i.h. and applying →Unsolved or →Add.

  Note: In →Add the left-hand context doesn't change, so we clearly maintain $\Gamma_L \longrightarrow \Delta_L$. In →Unsolved we can correctly apply the i.h. because $\Gamma_R \neq \cdot$. Suppose, for a contradiction, that $\Gamma_R = \cdot$. Then $\Gamma_L = (\Gamma_L', \hat\beta)$. It was given that $\Gamma_L \longrightarrow \Delta_L$, that is, $\Gamma_L', \hat\beta \longrightarrow \Delta_L$. By Lemma 19 (Declaration Preservation), $\Delta_L$ has a declaration of $\hat\beta$. But then $\Delta = (\Delta_L, \Delta_R', \hat\beta)$ is not well-formed: contradiction. Therefore $\Gamma_R \neq \cdot$.

• Case $\Delta_R = (\Delta_R', \hat\beta : \kappa = \tau)$: We have $\hat\beta \neq \hat\alpha$ by the well-formedness assumption.
  The concluding rule must have been →Solved, →Solve or →AddSolved. In each case, apply the i.h. and then the corresponding rule. (In →Solved and →Solve, use Lemma 19 (Declaration Preservation) to show $\Gamma_R \neq \cdot$.)

• Case $\Delta_R = (\Delta_R', \alpha)$: The concluding rule must have been →Uvar. The result follows by i.h. and applying →Uvar.

• Case $\Delta_R = (\Delta_R', \alpha = \tau)$: The concluding rule must have been →Eqn. The result follows by i.h. and applying →Eqn.

• Case $\Delta_R = (\Delta_R', \blacktriangleright_{\hat\beta})$: Similar to the previous case, with rule →Marker.

• Case $\Delta_R = (\Delta_R', x : A)$: Similar to the previous case, with rule →Var.

(ii) Similar to part (i), except that when $\Delta_R = \cdot$, apply rule →Solve.

(iii) Similar to part (i), except that when $\Delta_R = \cdot$, apply rule →Solved using the given equality to satisfy the second premise.    □

Lemma 27 (Parallel Extension Solution).

If $\Gamma_L, \hat\alpha : \kappa, \Gamma_R \longrightarrow \Delta_L, \hat\alpha : \kappa = \tau', \Delta_R$ and $\Gamma_L \vdash \tau : \kappa$ and $[\Delta_L]\tau = [\Delta_L]\tau'$

then $\Gamma_L, \hat\alpha : \kapp = \tau, \Gamma_R \longrightarrow \Delta_L, \hat\alpha : \kappa = \tau', \Delta_R$.

Proof. By induction on $\Delta_R$.

In the case where $\Delta_R = \cdot$, we know that rule →Solve must have concluded the derivation (we can use Lemma 19 (Declaration Preservation) to get a contradiction that rules out →AddSolved): then we have a subderivation $\Gamma_L \longrightarrow \Delta_L$, to which we can apply →Solved.    □

Lemma 28 (Parallel Variable Update).

If $\Gamma_L, \hat\alpha : \kappa, \Gamma_R \longrightarrow \Delta_L, \hat\alpha : \kappa = \tau_0, \Delta_R$ and $\Gamma_L \vdash \tau_1 : \kappa$ and $\Delta_L \vdash \tau_2 : \kappa$ and $[\Delta_L]\tau_0 = [\Delta_L]\tau_1 = [\Delta_L]\tau_2$

then $\Gamma_L, \hat\alpha : \kappa = \tau_1, \Gamma_R \longrightarrow \Delta_L, \hat\alpha : \kappa = \tau_2, \Delta_R$.

Proof. By induction on $\Delta_R$. Similar to the proof of Lemma 27 (Parallel Extension Solution), but applying →Solved at the end.    □

Lemma 29 (Substitution Monotonicity).

(i) If $\Gamma \longrightarrow \Delta$ and $\Gamma \vdash t : \kappa$ then $[\Delta][\Gamma]t = [\Delta]t$.

(ii) If $\Gamma \longrightarrow \Delta$ and $\Gamma \vdash P$ prop then $[\Delta][\Gamma]P = [\Delta]P$.

(iii) If $\Gamma \longrightarrow \Delta$ and $\Gamma \vdash A$ type then $[\Delta][\Gamma]A = [\Delta]A$.

Proof. We prove each part in turn; part (i) does not depend on parts (ii) or (iii), so we can use part (i) as a lemma in the proofs of parts (ii) and (iii).

• Proof of Part (i): By lexicographic induction on the derivation of $\mathcal{D} :: \Gamma \longrightarrow \Delta$ and $\Gamma \vdash t : \kappa$. We proceed by cases on the derivation of $\Gamma \vdash t : \kappa$.

  - Case VarSort with $(\hat\alpha : \kappa) \in \Gamma$, concluding $\Gamma \vdash \hat\alpha : \kappa$:
    $[\Gamma]\hat\alpha = \hat\alpha$    Since $\hat\alpha$ is not solved in $\Gamma$
    $[\Delta]\hat\alpha = [\Delta]\hat\alpha$    Reflexivity
    $= [\Delta][\Gamma]\hat\alpha$    By above equality

  - Case VarSort with $(\alpha : \kappa) \in \Gamma$, concluding $\Gamma \vdash \alpha : \kappa$:
    Consider whether or not there is a binding of the form $(\alpha = \tau) \in \Gamma$.

    * Case $(\alpha = \tau) \in \Gamma$:
      $\Delta = (\Delta_0, \alpha = \tau', \Delta_1)$    By Lemma 22 (Extension Inversion) (iii)
      $\mathcal{D}' :: \Gamma_0 \longrightarrow \Delta_0$    ″
      $\mathcal{D}' < \mathcal{D}$    ″
      (1) $[\Delta_0]\tau' = [\Delta_0]\tau$    ″
      (2) $[\Delta_0][\Gamma_0]\tau = [\Delta_0]\tau$    By i.h.
      $[\Delta][\Gamma]\alpha = [\Delta_0, \alpha = \tau', \Delta_1][\Gamma_0, \alpha = \tau, \Gamma_1]\alpha$    By definition
      $= [\Delta_0, \alpha = \tau', \Delta_1][\Gamma_0, \alpha = \tau]\alpha$    Since $\alpha \notin \mathrm{dom}(\Gamma_1)$
      $= [\Delta_0, \alpha = \tau', \Delta_1][\Gamma_0]\tau$    By definition of substitution
      $= [\Delta_0][\Gamma_0]\tau$    Since $\mathrm{FV}([\Gamma_0]\tau) \cap \mathrm{dom}(\Delta_1) = \emptyset$
      $= [\Delta_0]\tau'$    By (2) and (1)
      $= [\Delta_0, \alpha = \tau']\alpha$    By definition of substitution
      $= [\Delta_0, \alpha = \tau', \Delta_1]\alpha$    Since $\mathrm{FV}([\Delta_0]\tau) \cap \mathrm{dom}(\Delta_1) = \emptyset$
      $= [\Delta]\alpha$    By definition of $\Delta$

    * Case $(\alpha = \tau) \notin \Gamma$:
      $[\Gamma]\alpha = \alpha$    By definition of substitution
      $[\Delta][\Gamma]\alpha = [\Delta]\alpha$    Apply $[\Delta]$ to both sides

  - Case SolvedVarSort, concluding $\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1 \vdash \hat\alpha : \kappa$:
    Similar to the VarSort case.

  - Case UnitSort, concluding $\Gamma \vdash 1 : *$:
    $[\Delta]1 = 1 = [\Delta][\Gamma]1$    Since $\mathrm{FV}(1) = \emptyset$

  - Case BinSort: from $\Gamma \vdash \tau_1 : *$ and $\Gamma \vdash \tau_2 : *$ conclude $\Gamma \vdash \tau_1 \oplus \tau_2 : *$.
    $[\Delta][\Gamma]\tau_1 = [\Delta]\tau_1$    By i.h.
    $[\Delta][\Gamma]\tau_2 = [\Delta]\tau_2$    By i.h.
    $[\Delta][\Gamma]\tau_1 \oplus [\Delta][\Gamma]\tau_2 = [\Delta]\tau_1 \oplus [\Delta]\tau_2$    By congruence of equality
    $[\Delta][\Gamma](\tau_1 \oplus \tau_2) = [\Delta](\tau_1 \oplus \tau_2)$    Definition of substitution

  - Case ZeroSort, concluding $\Gamma \vdash \mathrm{zero} : \mathbb{N}$:
    $[\Delta]\mathrm{zero} = \mathrm{zero} = [\Delta][\Gamma]\mathrm{zero}$    Since $\mathrm{FV}(\mathrm{zero}) = \emptyset$

  - Case SuccSort: from $\Gamma \vdash t : \mathbb{N}$ conclude $\Gamma \vdash \mathrm{succ}(t) : \mathbb{N}$.
    $[\Delta][\Gamma]t = [\Delta]t$    By i.h.
    $\mathrm{succ}([\Delta][\Gamma]t) = \mathrm{succ}([\Delta]t)$    By congruence of equality
    $[\Delta][\Gamma]\mathrm{succ}(t) = [\Delta]\mathrm{succ}(t)$    By definition of substitution

• Proof of Part (ii): We have a derivation of $\Gamma \vdash P$ prop, and will use the previous part as a lemma.

  - Case EqProp: from $\Gamma \vdash t : \mathbb{N}$ and $\Gamma \vdash t' : \mathbb{N}$ conclude $\Gamma \vdash t = t'$ prop.
    $[\Delta][\Gamma]t = [\Delta]t$    By part (i)
    $[\Delta][\Gamma]t' = [\Delta]t'$    By part (i)
    $([\Delta][\Gamma]t = [\Delta][\Gamma]t') = ([\Delta]t = [\Delta]t')$    By congruence of equality
    $[\Delta][\Gamma](t = t') = [\Delta](t = t')$    Definition of substitution

• Proof of Part (iii): By induction on the derivation of $\Gamma \vdash A$ type, using the previous parts as lemmas.

  - Case VarWF with $(u : *) \in \Gamma$, concluding $\Gamma \vdash u$ type:
    $\Gamma \vdash u : *$    By rule VarSort
    $[\Delta][\Gamma]u = [\Delta]u$    By part (i)

  - Case SolvedVarWF with $(\hat\alpha : * = \tau) \in \Gamma$, concluding $\Gamma \vdash \hat\alpha$ type:
    $\Gamma \vdash \hat\alpha : *$    By rule SolvedVarSort
    $[\Delta][\Gamma]\hat\alpha = [\Delta]\hat\alpha$    By part (i)

  - Case UnitWF, concluding $\Gamma \vdash 1$ type:
    $\Gamma \vdash 1 : *$    By rule UnitSort
    $[\Delta][\Gamma]1 = [\Delta]1$    By part (i)

  - Case BinWF: from $\Gamma \vdash A_1$ type and $\Gamma \vdash A_2$ type conclude $\Gamma \vdash A_1 \oplus A_2$ type.
    $[\Delta][\Gamma]A_1 = [\Delta]A_1$    By i.h.
    $[\Delta][\Gamma]A_2 = [\Delta]A_2$    By i.h.
    $[\Delta][\Gamma]A_1 \oplus [\Delta][\Gamma]A_2 = [\Delta]A_1 \oplus [\Delta]A_2$    By congruence of equality
    $[\Delta][\Gamma](A_1 \oplus A_2) = [\Delta](A_1 \oplus A_2)$    Definition of substitution

  - Case VecWF: Similar to the BinWF case.

  - Case ForallWF: from $\Gamma, \alpha : \kappa \vdash A_0$ type conclude $\Gamma \vdash \forall\alpha : \kappa.\, A_0$ type.
    $\Gamma \longrightarrow \Delta$    Given
    $\Gamma, \alpha : \kappa \longrightarrow \Delta, \alpha : \kappa$    By rule →Uvar
    $[\Delta, \alpha : \kappa][\Gamma, \alpha : \kappa]A_0 = [\Delta, \alpha : \kappa]A_0$    By i.h.
    $[\Delta][\Gamma]A_0 = [\Delta]A_0$    By definition of substitution
    $\forall\alpha : \kappa.\, [\Delta][\Gamma]A_0 = \forall\alpha : \kappa.\, [\Delta]A_0$    By congruence of equality
    $[\Delta][\Gamma](\forall\alpha : \kappa.\, A_0) = [\Delta](\forall\alpha : \kappa.\, A_0)$    By definition of substitution

  - Case ExistsWF: Similar to the ForallWF case.

  - Case ImpliesWF: from $\Gamma \vdash P$ prop and $\Gamma \vdash A_0$ type conclude $\Gamma \vdash P \supset A_0$ type.
    $[\Delta][\Gamma]P = [\Delta]P$    By part (ii)
    $[\Delta][\Gamma]A_0 = [\Delta]A_0$    By i.h.
    $[\Delta][\Gamma]P \supset [\Delta][\Gamma]A_0 = [\Delta]P \supset [\Delta]A_0$    By congruence of equality
    $[\Delta][\Gamma](P \supset A_0) = [\Delta](P \supset A_0)$    Definition of substitution

  - Case WithWF: from $\Gamma \vdash P$ prop and $\Gamma \vdash A_0$ type conclude $\Gamma \vdash A_0 \wedge P$ type.
    Similar to the ImpliesWF case.    □

Lemma 30 (Substitution Invariance).

(i) If $\Gamma \longrightarrow \Delta$ and $\Gamma \vdash t : \kappa$ and $\mathrm{FEV}([\Gamma]t) = \emptyset$ then $[\Delta][\Gamma]t = [\Gamma]t$.

(ii) If $\Gamma \longrightarrow \Delta$ and $\Gamma \vdash P$ prop and $\mathrm{FEV}([\Gamma]P) = \emptyset$ then $[\Delta][\Gamma]P = [\Gamma]P$.

(iii) If $\Gamma \longrightarrow \Delta$ and $\Gamma \vdash A$ type and $\mathrm{FEV}([\Gamma]A) = \emptyset$ then $[\Delta][\Gamma]A = [\Gamma]A$.

Proof. Each part is a separate induction, relying on the proofs of the earlier parts. In each part, the result follows by an induction on the derivation of $\Gamma \longrightarrow \Delta$.

The main observation is that $\Delta$ adds no equations for any variable of $t$, $P$, and $A$ that $\Gamma$ does not already contain, and as a result applying $\Delta$ as a substitution to $[\Gamma]t$ does nothing.    □
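The following is an added example and not code from the paper or its authors: a small executable model of contexts, the substitution $[\Gamma]\tau$, the sorting judgment $\Gamma \vdash \tau : \kappa$, and the extension judgment $\Gamma \longrightarrow \Delta$ (one branch per extension rule, decided by recursion on the last entry of $\Delta$, as in the proofs above). It is used to check Lemma 23 (Deep Evar Introduction), Lemma 29 (Substitution Monotonicity) and Lemma 30 (Substitution Invariance) on constructed contexts. All function and constant names (`extends`, `subst`, `fev`, `sort_of`, `deep_evar_intro`, `monotone`, `invariant`, `demo`) and the sample contexts are this example's own; the term and context encodings are assumptions chosen for the example.

```python
# Added example (not the paper's code): an executable model of contexts,
# [Γ]τ substitution and the extension judgment Γ → Δ, used to check
# Lemma 23, Lemma 29 and Lemma 30 on constructed contexts.
# Terms/types τ (nested tuples, an encoding assumed for this example):
#   ('unit',)  ('zero',)  ('succ', τ)  ('prod', τ1, τ2)        constants and ⊕
#   ('uvar', α)  universal variable     ('evar', â)  existential variable
# Context entries (a context is a tuple of entries, left to right):
#   ('uvar', α, κ)   ('evar', â, κ, None) unsolved   ('evar', â, κ, τ) solved
#   ('eqn', α, τ)    ('hyp', x, A)        ('marker', â)

def lookup(ctx, kind, name):
    """First entry of the given kind declaring `name`, or None."""
    for e in ctx:
        if e[0] == kind and e[1] == name:
            return e
    return None

def subst(ctx, t):
    """[Γ]τ: replace solved existentials and equated universals by their solutions."""
    if t[0] == 'uvar':
        e = lookup(ctx, 'eqn', t[1])
        return subst(ctx, e[2]) if e else t
    if t[0] == 'evar':
        e = lookup(ctx, 'evar', t[1])
        return subst(ctx, e[3]) if e and e[3] is not None else t
    return (t[0],) + tuple(subst(ctx, s) for s in t[1:])

def fev(t):
    """FEV(τ): the free existential variables of τ."""
    if t[0] == 'evar':
        return {t[1]}
    return set().union(*[fev(s) for s in t[1:]])

def sort_of(ctx, t):
    """Γ ⊢ τ : κ (UnitSort, ZeroSort, SuccSort, BinSort, VarSort, SolvedVarSort); None if ill-sorted."""
    tag = t[0]
    if tag == 'unit':
        return '*'
    if tag == 'zero':
        return 'N'
    if tag == 'succ':
        return 'N' if sort_of(ctx, t[1]) == 'N' else None
    if tag == 'prod':
        return '*' if sort_of(ctx, t[1]) == '*' == sort_of(ctx, t[2]) else None
    e = lookup(ctx, tag, t[1])          # 'uvar' or 'evar' declaration
    return e[2] if e else None

def extends(G, D):
    """Γ → Δ, decided by recursion on the last entry of Δ (one branch per extension rule)."""
    if not D:
        return not G                                              # →Id
    Dp, d = D[:-1], D[-1]
    Gp, g = G[:-1], (G[-1] if G else None)
    same = g is not None and g[0] == d[0] and g[1] == d[1]
    if d[0] == 'evar':
        if same and g[2] == d[2]:
            if d[3] is None:
                return g[3] is None and extends(Gp, Dp)            # →Unsolved
            if g[3] is None:
                return extends(Gp, Dp)                            # →Solve
            return subst(Dp, g[3]) == subst(Dp, d[3]) and extends(Gp, Dp)  # →Solved
        # α̂ newly declared on the right (must be fresh for Γ): →Add / →AddSolved
        return lookup(G, 'evar', d[1]) is None and extends(G, Dp)
    if not same:
        return False
    if d[0] in ('uvar', 'marker'):
        return g == d and extends(Gp, Dp)                          # →Uvar, →Marker
    # 'eqn' and 'hyp': the carried term or type must agree under [Δ']: →Eqn, →Var
    return subst(Dp, g[2]) == subst(Dp, d[2]) and extends(Gp, Dp)

def deep_evar_intro(G0, G1, ahat, kappa, tau=None):
    """Lemma 23: Γ0, α̂:κ, Γ1 (part i) or Γ0, α̂:κ=τ, Γ1 (parts ii/iii), requiring Γ0 ⊢ τ : κ."""
    assert tau is None or sort_of(G0, tau) == kappa
    return G0 + (('evar', ahat, kappa, tau),) + G1

def monotone(G, D, tau):
    """Lemma 29: if Γ → Δ then [Δ][Γ]τ = [Δ]τ."""
    return extends(G, D) and subst(D, subst(G, tau)) == subst(D, tau)

def invariant(G, D, tau):
    """Lemma 30: if Γ → Δ and FEV([Γ]τ) = ∅ then [Δ][Γ]τ = [Γ]τ."""
    gt = subst(G, tau)
    return extends(G, D) and not fev(gt) and subst(D, gt) == gt

# Constructed sample contexts (not taken from the paper).
G0 = (('uvar', 'alpha', '*'),)
G1 = (('hyp', 'x', ('uvar', 'alpha')),)
GAMMA = G0 + G1
DELTA_UNSOLVED = deep_evar_intro(G0, G1, 'a', 'N')                     # Γ0, â:N, Γ1
DELTA_SOLVED = deep_evar_intro(G0, G1, 'a', 'N', ('succ', ('zero',)))  # Γ0, â:N = succ(zero), Γ1
# Γ leaves â unsolved, Δ solves it with 1; b̂ = â in both.
G_SUB = (('evar', 'a', '*', None), ('evar', 'b', '*', ('evar', 'a')))
D_SUB = (('evar', 'a', '*', ('unit',)), ('evar', 'b', '*', ('evar', 'a')))
TAU = ('prod', ('evar', 'b'), ('unit',))

def demo():
    return {
        'lemma23_i': extends(GAMMA, DELTA_UNSOLVED),
        'lemma23_ii': extends(DELTA_UNSOLVED, DELTA_SOLVED),
        'lemma23_iii': extends(GAMMA, DELTA_SOLVED),
        'lemma29': monotone(G_SUB, D_SUB, TAU),
        'lemma29_value': subst(D_SUB, subst(G_SUB, TAU)),
        'lemma30': invariant(D_SUB, D_SUB, TAU),   # [Δ]τ has no existentials left
        'not_extension': extends(D_SUB, G_SUB),    # a solution can never be dropped
    }

if __name__ == '__main__':
    for name, value in demo().items():
        print(name, value)
```

The `extends` function mirrors the case analysis of the proofs: because every extension rule either consumes the last entry of both contexts or (→Add, →AddSolved) only of $\Delta$, the last entry of $\Delta$ determines which rules can apply, and the only equality premises are those of →Var, →Eqn and →Solved, checked under the prefix $\Delta'$. The `not_extension` entry shows the direction that fails: a context that has solved $\hat a$ does not extend to one where $\hat a$ is unsolved.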

Lemma 24 (Soft Extension).

If $\Gamma \longrightarrow \Delta$ and $\Gamma, \Theta$ ctx and $\Theta$ is soft, then there exists $\Omega$ such that $\mathrm{dom}(\Theta) = \mathrm{dom}(\Omega)$ and $\Gamma, \Theta \longrightarrow \Delta, \Omega$.

Proof. By induction on $\Theta$.

• Case $\Theta = \cdot$: We have $\Gamma \longrightarrow \Delta$. Let $\Omega = \cdot$. Then $\Gamma, \Theta \longrightarrow \Delta, \Omega$.

• Case $\Theta = (\Theta', \hat\alpha : \kappa = \tau)$:
  $\Gamma, \Theta' \longrightarrow \Delta, \Omega'$    By i.h.
  ☞ $\Gamma, \Theta', \hat\alpha : \kappa = \tau \longrightarrow \Delta, \Omega', \hat\alpha : \kappa = \tau$    By rule →Solved

• Case $\Theta = (\Theta', \hat\alpha : \kappa)$:
  If $\kappa = *$, let $\tau = 1$; if $\kappa = \mathbb{N}$, let $\tau = \mathrm{zero}$.
  $\Gamma, \Theta' \longrightarrow \Delta, \Omega'$    By i.h.
  ☞ $\Gamma, \Theta', \hat\alpha : \kappa \longrightarrow \Delta, \Omega', \hat\alpha : \kappa = \tau$    By rule →Solve    □

Lemma 31 (Split Extension).

If $\Delta \longrightarrow \Omega$

and $\hat\alpha \in \mathrm{unsolved}(\Delta)$

and $\Omega = \Omega_1[\hat\alpha : \kappa = \tau_1]$

and $\Omega$ is canonical (see the definition of canonical contexts)

and $\Omega \vdash \tau_2 : \kappa$

then $\Delta \longrightarrow \Omega_1[\hat\alpha : \kappa = \tau_2]$.

Proof. By induction on the derivation of $\Delta \longrightarrow \Omega$. Use the fact that $\Omega_1[\hat\alpha : \kappa = \tau_1]$ and $\Omega_1[\hat\alpha : \kappa = \tau_2]$ agree on all solutions except the solution for $\hat\alpha$. In the →Solve case where the existential variable is $\hat\alpha$, use $\Omega \vdash \tau_2 : \kappa$.    □


Proof of Lemma 32 (Extension Reflexivity)    lem:extension-reflexivity

D'.1 Reflexivity and Transitivity

Lemma 32 (Extension Reflexivity).

If $\Gamma$ ctx then $\Gamma \longrightarrow \Gamma$.

Proof. By induction on the derivation of $\Gamma$ ctx.

• Case EmptyCtx, concluding $\cdot$ ctx:
  $\cdot \longrightarrow \cdot$    By rule →Id

• Case HypCtx: from $\Gamma$ ctx, $x \notin \mathrm{dom}(\Gamma)$ and $\Gamma \vdash A$ type conclude $\Gamma, x : A$ ctx.
  $\Gamma \longrightarrow \Gamma$    By i.h.
  $[\Gamma]A = [\Gamma]A$    By reflexivity
  $\Gamma, x : A \longrightarrow \Gamma, x : A$    By rule →Var

• Case VarCtx: from $\Gamma$ ctx and $u \notin \mathrm{dom}(\Gamma)$ conclude $\Gamma, u : \kappa$ ctx.
  $\Gamma \longrightarrow \Gamma$    By i.h.
  $\Gamma, u : \kappa \longrightarrow \Gamma, u : \kappa$    By rule →Uvar or →Unsolved

• Case SolvedCtx: from $\Gamma$ ctx, $\hat\alpha \notin \mathrm{dom}(\Gamma)$ and $\Gamma \vdash \tau : \kappa$ conclude $\Gamma, \hat\alpha : \kappa = \tau$ ctx.
  $\Gamma \longrightarrow \Gamma$    By i.h.
  $[\Gamma]\tau = [\Gamma]\tau$    By reflexivity
  $\Gamma, \hat\alpha : \kappa = \tau \longrightarrow \Gamma, \hat\alpha : \kappa = \tau$    By rule →Solved

• Case EqnVarCtx: from $\Gamma$ ctx, $\alpha : \kappa \in \Gamma$, $(\alpha = -) \notin \Gamma$ and $\Gamma \vdash \tau : \kappa$ conclude $\Gamma, \alpha = \tau$ ctx.
  $\Gamma \longrightarrow \Gamma$    By i.h.
  $[\Gamma]\tau = [\Gamma]\tau$    By reflexivity
  $\Gamma, \alpha = \tau \longrightarrow \Gamma, \alpha = \tau$    By rule →Eqn

• Case MarkerCtx: from $\Gamma$ ctx and $\blacktriangleright_{\hat u} \notin \Gamma$ conclude $\Gamma, \blacktriangleright_{\hat u}$ ctx.
  $\Gamma \longrightarrow \Gamma$    By i.h.
  $\Gamma, \blacktriangleright_{\hat u} \longrightarrow \Gamma, \blacktriangleright_{\hat u}$    By rule →Marker    □

Lemma 33 (Extension Transitivity).

If $\mathcal{D} :: \Gamma \longrightarrow \Theta$ and $\mathcal{E} :: \Theta \longrightarrow \Delta$ then $\Gamma \longrightarrow \Delta$.

Proof. By induction on $\mathcal{E}$.

• Case →Id, concluding $\cdot \longrightarrow \cdot$ (so $\Theta = \Delta = \cdot$):
  $\Gamma = \cdot$    By inversion on $\mathcal{D}$
  $\cdot \longrightarrow \cdot$    By rule →Id
  $\Gamma \longrightarrow \Delta$    Since $\Gamma = \Delta = \cdot$

Proof of Lemma 33 (Extension Transitivity)    lem:extension-transitivity

• Case →Var: from $\Theta' \longrightarrow \Delta'$ and $[\Delta']A = [\Delta']A'$ conclude $\Theta', x : A \longrightarrow \Delta', x : A'$, with $\Theta = (\Theta', x : A)$ and $\Delta = (\Delta', x : A')$.
  $\Gamma = (\Gamma', x : A'')$    By inversion on $\mathcal{D}$
  $[\Theta']A'' = [\Theta']A$    By inversion on $\mathcal{D}$
  $\Gamma' \longrightarrow \Theta'$    By inversion on $\mathcal{D}$
  $\Gamma' \longrightarrow \Delta'$    By i.h.
  $[\Delta'][\Theta']A'' = [\Delta'][\Theta']A$    By congruence of equality
  $[\Delta']A'' = [\Delta']A$    By Lemma 29 (Substitution Monotonicity)
  $= [\Delta']A'$    By premise $[\Delta']A = [\Delta']A'$
  $\Gamma', x : A'' \longrightarrow \Delta', x : A'$    By →Var

• Case →Uvar: from $\Theta' \longrightarrow \Delta'$ conclude $\Theta', \alpha : \kappa \longrightarrow \Delta', \alpha : \kappa$.
  $\Gamma = (\Gamma', \alpha : \kappa)$    By inversion on $\mathcal{D}$
  $\Gamma' \longrightarrow \Theta'$    By inversion on $\mathcal{D}$
  $\Gamma' \longrightarrow \Delta'$    By i.h.
  $\Gamma', \alpha : \kappa \longrightarrow \Delta', \alpha : \kappa$    By →Uvar

• Case →Unsolved: from $\Theta' \longrightarrow \Delta'$ conclude $\Theta', \hat\alpha : \kappa \longrightarrow \Delta', \hat\alpha : \kappa$.
  Two rules could have concluded $\mathcal{D} :: \Gamma \longrightarrow (\Theta', \hat\alpha : \kappa)$:

  - Case →Unsolved: from $\Gamma' \longrightarrow \Theta'$ conclude $\Gamma', \hat\alpha : \kappa \longrightarrow \Theta', \hat\alpha : \kappa$.
    $\Gamma' \longrightarrow \Delta'$    By i.h.
    $\Gamma', \hat\alpha : \kappa \longrightarrow \Delta', \hat\alpha : \kappa$    By rule →Unsolved

  - Case →Add: from $\Gamma \longrightarrow \Theta'$ conclude $\Gamma \longrightarrow \Theta', \hat\alpha : \kappa$.
    $\Gamma \longrightarrow \Delta'$    By i.h.
    $\Gamma \longrightarrow \Delta', \hat\alpha : \kappa$    By rule →Add

• Case →Solved: from $\Theta' \longrightarrow \Delta'$ and $[\Delta']\tau = [\Delta']\tau'$ conclude $\Theta', \hat\alpha : \kappa = \tau \longrightarrow \Delta', \hat\alpha : \kappa = \tau'$.
  Two rules could have concluded $\mathcal{D} :: \Gamma \longrightarrow (\Theta', \hat\alpha : \kappa = \tau)$:

  - Case →Solved: from $\Gamma' \longrightarrow \Theta'$ and $[\Theta']\tau'' = [\Theta']\tau$ conclude $\Gamma', \hat\alpha : \kappa = \tau'' \longrightarrow \Theta', \hat\alpha : \kappa = \tau$.
    $\Gamma' \longrightarrow \Delta'$    By i.h.
    $[\Theta']\tau'' = [\Theta']\tau$    Premise
    $[\Delta'][\Theta']\tau'' = [\Delta'][\Theta']\tau$    Applying $\Delta'$ to both sides
    $[\Delta']\tau'' = [\Delta']\tau$    By Lemma 29 (Substitution Monotonicity)
    $= [\Delta']\tau'$    By premise $[\Delta']\tau = [\Delta']\tau'$
    $\Gamma', \hat\alpha : \kappa = \tau'' \longrightarrow \Delta', \hat\alpha : \kappa = \tau'$    By rule →Solved

  - Case →AddSolved: from $\Gamma \longrightarrow \Theta'$ conclude $\Gamma \longrightarrow \Theta', \hat\alpha : \kappa = \tau$.
    $\Gamma \longrightarrow \Delta'$    By i.h.
    $\Gamma \longrightarrow \Delta', \hat\alpha : \kappa = \tau'$    By rule →AddSolved

• Case →Eqn: from $\Theta' \longrightarrow \Delta'$ and $[\Delta']\tau = [\Delta']\tau'$ conclude $\Theta', \alpha = \tau \longrightarrow \Delta', \alpha = \tau'$.
  $\Gamma = (\Gamma', \alpha = \tau'')$    By inversion on $\mathcal{D}$
  $\Gamma' \longrightarrow \Theta'$    By inversion on $\mathcal{D}$
  $[\Theta']\tau'' = [\Theta']\tau$    By inversion on $\mathcal{D}$
  $[\Delta'][\Theta']\tau'' = [\Delta'][\Theta']\tau$    Applying $\Delta'$ to both sides
  $\Gamma' \longrightarrow \Delta'$    By i.h.
  $[\Delta']\tau'' = [\Delta']\tau$    By Lemma 29 (Substitution Monotonicity)
  $= [\Delta']\tau'$    By premise $[\Delta']\tau = [\Delta']\tau'$
  $\Gamma', \alpha = \tau'' \longrightarrow \Delta', \alpha = \tau'$    By rule →Eqn

• Case →Add: from $\Theta \longrightarrow \Delta'$ conclude $\Theta \longrightarrow \Delta', \hat\alpha : \kappa$.
  $\Gamma \longrightarrow \Delta'$    By i.h.
  $\Gamma \longrightarrow \Delta', \hat\alpha : \kappa$    By rule →Add

• Case →AddSolved: from $\Theta \longrightarrow \Delta'$ conclude $\Theta \longrightarrow \Delta', \hat\alpha : \kappa = \tau$.
  $\Gamma \longrightarrow \Delta'$    By i.h.
  $\Gamma \longrightarrow \Delta', \hat\alpha : \kappa = \tau$    By rule →AddSolved

• Case →Marker: from $\Theta' \longrightarrow \Delta'$ conclude $\Theta', \blacktriangleright_{\hat u} \longrightarrow \Delta', \blacktriangleright_{\hat u}$.
  $\Gamma = (\Gamma', \blacktriangleright_{\hat u})$    By inversion on $\mathcal{D}$
  $\Gamma' \longrightarrow \Theta'$    By inversion on $\mathcal{D}$
  $\Gamma' \longrightarrow \Delta'$    By i.h.
  $\Gamma', \blacktriangleright_{\hat u} \longrightarrow \Delta', \blacktriangleright_{\hat u}$    By →Marker    □


D'.2 Weakening

Lemma 34 (Suffix Weakening). If $\Gamma \vdash t : \kappa$ then $\Gamma, \Theta \vdash t : \kappa$.

Proof. By induction on the given derivation. All cases are straightforward.    □

Lemma 35 (Suffix Weakening). If $\Gamma \vdash A$ type then $\Gamma, \Theta \vdash A$ type.

Proof. By induction on the given derivation. All cases are straightforward.    □

Lemma 36 (Extension Weakening (Sorts)). If $\Gamma \vdash t : \kappa$ and $\Gamma \longrightarrow \Delta$ then $\Delta \vdash t : \kappa$.

Proof. By a straightforward induction on $\Gamma \vdash t : \kappa$.

In the VarSort case, use Lemma 22 (Extension Inversion) (i) or (v). In the SolvedVarSort case, use Lemma 22 (Extension Inversion) (iv). In the other cases, apply the i.h. to all subderivations, then apply the rule.    □

Proof of Lemma 37 (Extension Weakening (Props))    lem:extension-weakening-prop

Lemma 37 (Extension Weakening (Props)). If $\Gamma \vdash P$ prop and $\Gamma \longrightarrow \Delta$ then $\Delta \vdash P$ prop.

Proof. By inversion on rule EqProp and Lemma 36 (Extension Weakening (Sorts)) twice.    □

Lemma 38 (Extension Weakening (Types)). If $\Gamma \vdash A$ type and $\Gamma \longrightarrow \Delta$ then $\Delta \vdash A$ type.

Proof. By a straightforward induction on $\Gamma \vdash A$ type.

In the VarWF case, use Lemma 22 (Extension Inversion) (i) or (v). In the SolvedVarWF case, use Lemma 22 (Extension Inversion) (iv).

In the other cases, apply the i.h. and/or (for ImpliesWF and WithWF) Lemma 37 (Extension Weakening (Props)) to all subderivations, then apply the rule.    □


D'.3 Principal Typing Properties

Lemma 39 (Principal Agreement).

(i) If $\Gamma \vdash A\ !$ type and $\Gamma \longrightarrow \Delta$ then $[\Delta]A = [\Gamma]A$.

(ii) If $\Gamma \vdash P$ prop and $\mathrm{FEV}(P) = \emptyset$ and $\Gamma \longrightarrow \Delta$ then $[\Delta]P = [\Gamma]P$.

Proof. By induction on the derivation of $\Gamma \longrightarrow \Delta$.

Part (i):

• Case →Eqn: from $\Gamma_0 \longrightarrow \Delta_0$ and $[\Delta_0]\tau = [\Delta_0]\tau'$ conclude $\Gamma_0, \alpha = \tau \longrightarrow \Delta_0, \alpha = \tau'$.

  If $\alpha \notin \mathrm{FV}(A)$, then:
  $[\Gamma_0, \alpha = \tau]A = [\Gamma_0]A$    By def. of subst.
  $= [\Delta_0]A$    By i.h.
  $= [\Delta_0, \alpha = \tau']A$    By def. of subst.

  Otherwise, $\alpha \in \mathrm{FV}(A)$.
  $\Gamma_0 \vdash \tau$ type    $\mathcal{D}$ is well-formed
  $\Gamma_0 \vdash [\Gamma_0]\tau$ type    By Lemma 13 (Right-Hand Substitution for Typing)
  Suppose, for a contradiction, that $\mathrm{FEV}([\Gamma_0]\tau) \neq \emptyset$.
  Since $\alpha \in \mathrm{FV}(A)$, we also have $\mathrm{FEV}([\Gamma]A) \neq \emptyset$, a contradiction.

  $\mathrm{FEV}([\Gamma_0]\tau) \neq \emptyset$    Assumption (for contradiction)
  $[\Gamma_0]\tau = [\Gamma]\alpha$    By def. of subst.
  $\mathrm{FEV}([\Gamma]\alpha) \neq \emptyset$    By above equality
  $\alpha \in \mathrm{FV}(A)$    Above
  $\mathrm{FEV}([\Gamma]A) \neq \emptyset$    By a property of subst.
  $\Gamma \vdash A\ !$ type    Given
  $\mathrm{FEV}([\Gamma]A) = \emptyset$    By inversion

  $\mathrm{FEV}([\Gamma_0]\tau) = \emptyset$    By contradiction
  $\Gamma_0 \vdash \tau\ !$ type    By PrincipalWF
  $[\Gamma_0]\tau = [\Delta_0]\tau$    By i.h.
  $\Gamma_0 \vdash [\Delta_0]\tau$ type    By above equality
  $\mathrm{FEV}([\Delta_0]\tau) = \emptyset$    By above equality
  $\Gamma_0 \vdash [[\Delta_0]\tau/\alpha]A\ !$ type    By Lemma 8 (Substitution–Well-formedness) (i)
  $[\Gamma_0][[\Delta_0]\tau/\alpha]A = [\Delta_0][[\Delta_0]\tau/\alpha]A$    By i.h. (at $[[\Delta_0]\tau/\alpha]A$)
  $[\Gamma_0, \alpha = \tau]A = [\Gamma_0][[\Gamma_0]\tau/\alpha]A$    By def. of subst.
  $= [\Gamma_0][[\Delta_0]\tau/\alpha]A$    By above equality
  $= [\Delta_0][[\Delta_0]\tau/\alpha]A$    By above equality
  $= [\Delta_0][[\Delta_0]\tau'/\alpha]A$    By $[\Delta_0]\tau = [\Delta_0]\tau'$
  $= [\Delta]A$    By def. of subst.

Proof of Lemma 39 (Principal Agreement)    lem:substitution-tpp-stable

• Case →Solved, →Solve, →Add, →AddSolved:
  Similar to the →Eqn case.

• Case →Id, →Var, →Uvar, →Unsolved, →Marker:
  Straightforward, using the i.h. and the definition of substitution.

Part (ii): Similar to part (i), using part (ii) of Lemma 8 (Substitution–Well-formedness).    □


Lemma 40 (Right-Hand Subst. for Principal Typing). If $\Gamma \vdash A\ p$ type then $\Gamma \vdash [\Gamma]A\ p$ type.

Proof. By cases of $p$:

• Case $p = \,!$:
  $\Gamma \vdash A$ type    By inversion
  $\mathrm{FEV}([\Gamma]A) = \emptyset$    By inversion
  $\Gamma \vdash [\Gamma]A$ type    By Lemma 13 (Right-Hand Substitution for Typing)
  $\Gamma \longrightarrow \Gamma$    By Lemma 32 (Extension Reflexivity)
  $[\Gamma][\Gamma]A = [\Gamma]A$    By Lemma 29 (Substitution Monotonicity)
  $\mathrm{FEV}([\Gamma][\Gamma]A) = \emptyset$    By inversion
  $\Gamma \vdash [\Gamma]A\ !$ type    By rule PrincipalWF

• Case $p = /$:
  $\Gamma \vdash A$ type    By inversion
  $\Gamma \vdash [\Gamma]A$ type    By Lemma 13 (Right-Hand Substitution for Typing)
  $\Gamma \vdash [\Gamma]A\ /$ type    By rule NonPrincipalWF    □

Lemma 41 (Extension Weakening for Principal Typing). If $\Gamma \vdash A\ p$ type and $\Gamma \longrightarrow \Delta$ then $\Delta \vdash A\ p$ type.

Proof. By cases of $p$:

• Case $p = /$:
  $\Gamma \vdash A$ type    By inversion
  $\Delta \vdash A$ type    By Lemma 38 (Extension Weakening (Types))
  $\Delta \vdash A\ /$ type    By rule NonPrincipalWF

• Case $p = \,!$:
  $\Gamma \vdash A$ type    By inversion
  $\mathrm{FEV}([\Gamma]A) = \emptyset$    By inversion
  $\Delta \vdash A$ type    By Lemma 38 (Extension Weakening (Types))
  $\Delta \vdash [\Delta]A$ type    By Lemma 13 (Right-Hand Substitution for Typing)
  $[\Delta]A = [\Gamma]A$    By Lemma 30 (Substitution Invariance)
  $\mathrm{FEV}([\Delta]A) = \emptyset$    By congruence of equality
  $\Delta \vdash [\Delta]A\ !$ type    By rule PrincipalWF    □


Lemma 42 (Inversion of Principal Typing).

(1) If Γ ⊢ (A → B) p type then Γ ⊢ A p type and Γ ⊢ B p type.

(2) If Γ ⊢ (P ⊃ A) p type then Γ ⊢ P prop and Γ ⊢ A p type.

(3) If Γ ⊢ (A ∧ P) p type then Γ ⊢ P prop and Γ ⊢ A p type.

Proof. Proof of part 1:

We have Γ ⊢ A → B p type.

• Case p = /:

    Γ ⊢ A → B type        By inversion                                 (1)
    Γ ⊢ A type            By inversion on (1)
    Γ ⊢ B type            By inversion on (1)
    Γ ⊢ A / type          By rule NonPrincipalWF
    Γ ⊢ B / type          By rule NonPrincipalWF

Proof of Lemma 42 (Inversion of Principal Typing)

• Case p = !:

    Γ ⊢ A → B type                  By inversion on Γ ⊢ A → B ! type      (1)
    ∅ = FEV([Γ](A → B))             By inversion on Γ ⊢ A → B ! type
      = FEV([Γ]A → [Γ]B)            By definition of substitution
      = FEV([Γ]A) ∪ FEV([Γ]B)       By definition of FEV(−)
    FEV([Γ]A) = FEV([Γ]B) = ∅       By properties of empty sets and unions
    Γ ⊢ A type                      By inversion on (1)
    Γ ⊢ B type                      By inversion on (1)
    Γ ⊢ A ! type                    By rule PrincipalWF
    Γ ⊢ B ! type                    By rule PrincipalWF

Part 2: We have Γ ⊢ P ⊃ A p type. Similar to Part 1.
Part 3: We have Γ ⊢ A ∧ P p type. Similar to Part 2.                        □


D'.4 Instantiation Extends

Lemma 43 (Instantiation Extension).
If Γ ⊢ α̂ := t : κ ⊣ Δ then Γ ⟶ Δ.

Proof. By induction on the given derivation.

• Case
        Γ_L ⊢ t : κ
        ───────────────────────────────────────────────── InstSolve
        Γ_L, α̂ : κ, Γ_R ⊢ α̂ := t : κ ⊣ Γ_L, α̂ : κ = t, Γ_R

  (where Γ = Γ_L, α̂ : κ, Γ_R.) Follows by Lemma 23 (Deep Evar Introduction) (ii).

• Case
        β̂ ∈ unsolved(Γ₀[α̂ : κ][β̂ : κ])
        ───────────────────────────────────────────────────── InstReach
        Γ₀[α̂ : κ][β̂ : κ] ⊢ α̂ := β̂ : κ ⊣ Γ₀[α̂ : κ][β̂ : κ = α̂]

  (where Γ = Γ₀[α̂ : κ][β̂ : κ].) Follows by Lemma 23 (Deep Evar Introduction) (ii).

• Case
        Γ₀[α̂₂ : *, α̂₁ : *, α̂ : * = α̂₁ ⊕ α̂₂] ⊢ α̂₁ := τ₁ : * ⊣ Θ    Θ ⊢ α̂₂ := [Θ]τ₂ : * ⊣ Δ
        ──────────────────────────────────────────────────────────────────────── InstBin
        Γ₀[α̂ : *] ⊢ α̂ := τ₁ ⊕ τ₂ : * ⊣ Δ

    Γ₀[α̂₂ : *, α̂₁ : *, α̂ : * = α̂₁ ⊕ α̂₂] ⊢ α̂₁ := τ₁ : * ⊣ Θ   Subderivation
    Γ₀[α̂₂ : *, α̂₁ : *, α̂ : * = α̂₁ ⊕ α̂₂] ⟶ Θ                  By i.h.

    Θ ⊢ α̂₂ := [Θ]τ₂ : * ⊣ Δ                                  Subderivation
    Θ ⟶ Δ                                                    By i.h.

    Γ₀[α̂₂ : *, α̂₁ : *, α̂ : * = α̂₁ ⊕ α̂₂] ⟶ Δ                  By Lemma 33 (Extension Transitivity)

    Γ₀[α̂ : *] ⟶ Γ₀[α̂₂ : *, α̂₁ : *, α̂ : * = α̂₁ ⊕ α̂₂]         By Lemma 23 (Deep Evar Introduction)
                                                             (parts (i), (i), and (ii),
                                                             using Lemma 33 (Extension Transitivity))
    Γ₀[α̂ : *] ⟶ Δ                                            By Lemma 33 (Extension Transitivity)

• Case
        ───────────────────────────────────────────── InstZero
        Γ₀[α̂ : N] ⊢ α̂ := zero : N ⊣ Γ₀[α̂ : N = zero]

  Follows by Lemma 23 (Deep Evar Introduction) (ii).

• Case
        Γ[α̂₁ : N, α̂ : N = succ(α̂₁)] ⊢ α̂₁ := t₁ : N ⊣ Δ
        ─────────────────────────────────────────────── InstSucc
        Γ[α̂ : N] ⊢ α̂ := succ(t₁) : N ⊣ Δ

  By reasoning similar to the InstBin case.                                   □
D'.5 Equivalence Extends

Lemma 44 (Elimeq Extension).

If Γ / σ ≐ t : κ ⊣ Δ then there exists Θ such that Γ, Θ ⟶ Δ.

Proof. By induction on the given derivation. Note that the statement restricts the output to be a (consistent) context Δ.

• Case
        ──────────────────── ElimeqUvarRefl
        Γ / α ≐ α : κ ⊣ Γ

  Since Δ = Γ, applying Lemma 32 (Extension Reflexivity) suffices (let Θ = ·).

• Case
        ────────────────────────── ElimeqZero
        Γ / zero ≐ zero : N ⊣ Γ

  Similar to the ElimeqUvarRefl case.

• Case
        Γ / σ ≐ t : N ⊣ Δ
        ────────────────────────────── ElimeqSucc
        Γ / succ(σ) ≐ succ(t) : N ⊣ Δ

  Follows by i.h.

• Case
        Γ₀[α̂ : κ] ⊢ α̂ := t : κ ⊣ Δ
        ─────────────────────────── ElimeqInstL
        Γ₀[α̂ : κ] / α̂ ≐ t : κ ⊣ Δ

  (where Γ = Γ₀[α̂ : κ].)

    Γ ⊢ α̂ := t : κ ⊣ Δ       Subderivation
    Γ ⟶ Δ                    By Lemma 43 (Instantiation Extension)

  Let Θ = ·.

  ☞ Γ, Θ ⟶ Δ                 By Θ = ·

• Case
        α ∉ FV([Γ]t)    (α = −) ∉ Γ
        ─────────────────────────── ElimeqUvarL
        Γ / α ≐ t : κ ⊣ Γ, α = t

  Let Θ be (α = t).

  ☞ Γ, α = t ⟶ Γ, α = t      By Lemma 32 (Extension Reflexivity)

• Cases ElimeqInstR, ElimeqUvarR: Similar to the respective L cases.

• Case
        σ # t
        ───────────────────── ElimeqClash
        Γ / σ ≐ t : κ ⊣ ⊥

  The statement says that the output is a (consistent) context Δ, so this case is impossible. □

Lemma 45 (Elimprop Extension).

If Γ / P ⊣ Δ then there exists Θ such that Γ, Θ ⟶ Δ.

Proof. By induction on the given derivation. Note that the statement restricts the output to be a (consistent) context Δ.

• Case
        Γ / σ ≐ t : N ⊣ Δ
        ───────────────────── ElimpropEq
        Γ / (σ = t) ⊣ Δ

    Γ / σ ≐ t : N ⊣ Δ        Subderivation
  ☞ Γ, Θ ⟶ Δ                 By Lemma 44 (Elimeq Extension)                  □


Proof of Lemma 46 (Checkeq Extension)

Lemma 46 (Checkeq Extension).

If Γ ⊢ A ≐ B ⊣ Δ then Γ ⟶ Δ.

Proof. By induction on the given derivation.

• Case
        ───────────────────── CheckeqVar
        Γ ⊢ u ≐ u : κ ⊣ Γ

  Since Δ = Γ, applying Lemma 32 (Extension Reflexivity) suffices.

• Cases CheckeqUnit, CheckeqZero: Similar to the CheckeqVar case.

• Case
        Γ ⊢ t₁ ≐ t₁' : * ⊣ Θ    Θ ⊢ [Θ]t₂ ≐ [Θ]t₂' : * ⊣ Δ
        ───────────────────────────────────────────────── CheckeqBin
        Γ ⊢ t₁ ⊕ t₂ ≐ t₁' ⊕ t₂' : * ⊣ Δ

    Γ ⟶ Θ                    By i.h.
    Θ ⟶ Δ                    By i.h.
    Γ ⟶ Δ                    By Lemma 33 (Extension Transitivity)

• Case
        Γ ⊢ σ ≐ t : N ⊣ Δ
        ────────────────────────────── CheckeqSucc
        Γ ⊢ succ(σ) ≐ succ(t) : N ⊣ Δ

    Γ ⊢ σ ≐ t : N ⊣ Δ        Subderivation
  ☞ Γ ⟶ Δ                    By i.h.

• Case
        Γ₀[α̂] ⊢ α̂ := t : κ ⊣ Δ    α̂ ∉ FV([Γ₀[α̂]]t)
        ─────────────────────────────────────────── CheckeqInstL
        Γ₀[α̂] ⊢ α̂ ≐ t : κ ⊣ Δ

    Γ₀[α̂] ⊢ α̂ := t : κ ⊣ Δ   Subderivation
  ☞ Γ₀[α̂] ⟶ Δ                By Lemma 43 (Instantiation Extension)

• Case CheckeqInstR: Similar to the CheckeqInstL case.                        □

Lemma 47 (Checkprop Extension).

If Γ ⊢ P true ⊣ Δ then Γ ⟶ Δ.

Proof. By induction on the given derivation.

• Case
        Γ ⊢ σ ≐ t : N ⊣ Δ
        ───────────────────────── CheckpropEq
        Γ ⊢ σ = t true ⊣ Δ

    Γ ⊢ σ ≐ t : N ⊣ Δ        Subderivation
    Γ ⟶ Δ                    By Lemma 46 (Checkeq Extension)                  □

Lemma 48 (Prop Equivalence Extension).

If Γ ⊢ P ≡ Q ⊣ Δ then Γ ⟶ Δ.

Proof. By induction on the given derivation.

• Case
        Γ ⊢ σ₁ ≐ τ₁ : N ⊣ Θ    Θ ⊢ σ₂ ≐ τ₂ : N ⊣ Δ
        ───────────────────────────────────────── ≡PropEq
        Γ ⊢ (σ₁ = σ₂) ≡ (τ₁ = τ₂) ⊣ Δ

    Γ ⊢ σ₁ ≐ τ₁ : N ⊣ Θ      Subderivation
    Γ ⟶ Θ                    By Lemma 46 (Checkeq Extension)

    Θ ⊢ σ₂ ≐ τ₂ : N ⊣ Δ      Subderivation
    Θ ⟶ Δ                    By Lemma 46 (Checkeq Extension)

    Γ ⟶ Δ                    By Lemma 33 (Extension Transitivity)             □


Proof of Lemma 49 (Equivalence Extension)

Lemma 49 (Equivalence Extension).

If Γ ⊢ A ≡ B ⊣ Δ then Γ ⟶ Δ.

Proof. By induction on the given derivation.

• Case
        ───────────────── ≡Var
        Γ ⊢ α ≡ α ⊣ Γ

  Here Δ = Γ, so Lemma 32 (Extension Reflexivity) suffices.

• Case
        ───────────────── ≡Exvar
        Γ ⊢ α̂ ≡ α̂ ⊣ Γ

  Similar to the ≡Var case.

• Case
        ───────────────── ≡Unit
        Γ ⊢ 1 ≡ 1 ⊣ Γ

  Similar to the ≡Var case.

• Case
        Γ ⊢ A₁ ≡ B₁ ⊣ Θ    Θ ⊢ [Θ]A₂ ≡ [Θ]B₂ ⊣ Δ
        ─────────────────────────────────────── ≡⊕
        Γ ⊢ (A₁ ⊕ A₂) ≡ (B₁ ⊕ B₂) ⊣ Δ

    Γ ⊢ A₁ ≡ B₁ ⊣ Θ          Subderivation
    Γ ⟶ Θ                    By i.h.

    Θ ⊢ [Θ]A₂ ≡ [Θ]B₂ ⊣ Δ    Subderivation
    Θ ⟶ Δ                    By i.h.

    Γ ⟶ Δ                    By Lemma 33 (Extension Transitivity)

• Case ≡Vec: Similar to the ≡⊕ case.

• Cases ≡⊃, ≡∧: Similar to the ≡⊕ case, but with Lemma 48 (Prop Equivalence Extension) on the first premise.

• Case
        Γ, α : κ ⊢ A₀ ≡ B ⊣ Δ, α : κ, Δ'
        ───────────────────────────────────── ≡∀
        Γ ⊢ ∀α : κ. A₀ ≡ ∀α : κ. B ⊣ Δ

    Γ, α : κ ⊢ A₀ ≡ B ⊣ Δ, α : κ, Δ'    Subderivation
    Γ, α : κ ⟶ Δ, α : κ, Δ'             By i.h.
  ☞ Γ ⟶ Δ                              By Lemma 22 (Extension Inversion) (i)

• Case
        Γ₀[α̂] ⊢ α̂ := τ : * ⊣ Δ    α̂ ∉ FV([Γ₀[α̂]]τ)
        ─────────────────────────────────────────── ≡InstantiateL
        Γ₀[α̂] ⊢ α̂ ≡ τ ⊣ Δ

    Γ₀[α̂] ⊢ α̂ := τ : * ⊣ Δ    Subderivation
  ☞ Γ₀[α̂] ⟶ Δ                 By Lemma 43 (Instantiation Extension)

• Case ≡InstantiateR: Similar to the ≡InstantiateL case.                      □


D'.6 Subtyping Extends

Lemma 50 (Subtyping Extension). If Γ ⊢ A <:ᴾ B ⊣ Δ then Γ ⟶ Δ.

Proof. By induction on the given derivation.

Proof of Lemma 50 (Subtyping Extension)

• Case
        Γ, ▸α̂, α̂ : κ ⊢ [α̂/α]A <:⁻ B ⊣ Δ, ▸α̂, Θ
        ───────────────────────────────────────── <:∀L
        Γ ⊢ ∀α : κ. A <:⁻ B ⊣ Δ

    Γ, ▸α̂, α̂ : κ ⊢ [α̂/α]A <:⁻ B ⊣ Δ, ▸α̂, Θ    Subderivation
    Γ, ▸α̂, α̂ : κ ⟶ Δ, ▸α̂, Θ                   By i.h.
  ☞ Γ ⟶ Δ                                    By Lemma 22 (Extension Inversion) (ii)

• Case <:∃R: Similar to the <:∀L case.

• Case
        Γ, α : κ ⊢ A <:⁻ B ⊣ Δ, α : κ, Θ
        ──────────────────────────────── <:∀R
        Γ ⊢ A <:⁻ ∀α : κ. B ⊣ Δ

  Similar to the <:∀L case, but using part (i) of Lemma 22 (Extension Inversion).

• Case <:∃L: Similar to the <:∀R case.

• Case
        Γ ⊢ A ≡ B ⊣ Δ
        ───────────────── <:Equiv
        Γ ⊢ A <:ᴾ B ⊣ Δ

    Γ ⊢ A ≡ B ⊣ Δ            Subderivation
  ☞ Γ ⟶ Δ                    By Lemma 49 (Equivalence Extension)              □


D'.7 Typing Extends

Lemma 51 (Typing Extension).

If Γ ⊢ e ⇒ A p ⊣ Δ
or Γ ⊢ e ⇐ A p ⊣ Δ
or Γ ⊢ s : A p ≫ B q ⊣ Δ
or Γ ⊢ Π :: A ⇐ C p ⊣ Δ
or Γ / P ⊢ Π :: A ⇐ C p ⊣ Δ
then Γ ⟶ Δ.

Proof. By induction on the given derivation.

• Match judgments:

  In rule MatchEmpty, Δ = Γ, so the result follows by Lemma 32 (Extension Reflexivity).

  Rules MatchBase, Match×, Match+ₖ and MatchWild each have a single premise in which the contexts match the conclusion (input Γ and output Δ), so the result follows by i.h. For rule MatchSeq, Lemma 33 (Extension Transitivity) is also needed.

  In rule Match∃, apply the i.h., then use Lemma 22 (Extension Inversion) (i).

  Match∧: Use the i.h.

  MatchNeg: Use the i.h. and Lemma 22 (Extension Inversion) (v).

  Match⊥: Immediate by Lemma 32 (Extension Reflexivity).

  MatchUnify:

      Γ, ▸P, Θ' ⟶ Θ              By Lemma 44 (Elimeq Extension)
      Θ ⟶ Δ, ▸P, Δ'              By i.h.
      Γ, ▸P, Θ' ⟶ Δ, ▸P, Δ'      By Lemma 33 (Extension Transitivity)
    ☞ Γ ⟶ Δ                      By Lemma 22 (Extension Inversion) (ii)

• Synthesis, checking, and spine judgments: In rules Var, 1I, EmptySpine and |pl_Ll the output context Δ is exactly Γ, so the result follows by Lemma 32 (Extension Reflexivity).

  - Case ∀I: Use the i.h. and Lemma 33 (Extension Transitivity).

  - Case ∀Spine: By ⟶Add, Γ ⟶ Γ, α̂ : κ.
    The result follows by i.h. and Lemma 33 (Extension Transitivity).

Proof of Lemma 51 (Typing Extension)

  - Cases ∧I, ⊃Spine: Use Lemma 47 (Checkprop Extension), the i.h., and Lemma 33 (Extension Transitivity).

  - Cases Nil, Cons: Using reasoning found in the ∧I and ∃I cases.

  - Case ∃I: Use the i.h.

  - Case ⊃I:

      Γ, ▸P, Θ' ⟶ Θ              By Lemma 45 (Elimprop Extension)
      Θ ⟶ Δ, ▸P, Δ'              By i.h.
      Γ, ▸P, Θ' ⟶ Δ, ▸P, Δ'      By Lemma 33 (Extension Transitivity)
    ☞ Γ ⟶ Δ                      By Lemma 22 (Extension Inversion)

  - Cases →I, Rec: Use the i.h. and Lemma 22 (Extension Inversion).

  - Cases Sub, Anno, →E, →E-!, →Spine, +Iₖ, ×I: Use the i.h., and Lemma 33 (Extension Transitivity) as needed.

  - Case 1Iα̂: By Lemma 23 (Deep Evar Introduction) (ii).

  - Cases α̂Spine, +Iα̂ₖ, ×Iα̂: Use Lemma 23 (Deep Evar Introduction) (i) twice, Lemma 23 (Deep Evar Introduction) (ii), the i.h., and Lemma 33 (Extension Transitivity).

  - Case →Iα̂: Use Lemma 23 (Deep Evar Introduction) (i) twice, Lemma 23 (Deep Evar Introduction) (ii), the i.h. and Lemma 22 (Extension Inversion) (v).

  - Case Case: Use the i.h. on the synthesis premise and the match premise, and then Lemma 33 (Extension Transitivity). □


D'.8 Unfiled

Lemma 52 (Context Partitioning).

If Δ, ▸α̂, Θ ⟶ Ω, ▸α̂, Ω_Z then there is a Ψ such that [Ω, ▸α̂, Ω_Z](Δ, ▸α̂, Θ) = [Ω]Δ, Ψ.

Proof. By induction on the given derivation.

• Case ⟶Id: Impossible: Δ, ▸α̂, Θ cannot have the form ·.

• Case ⟶Var: We have Ω_Z = (Ω_Z', x : A) and Θ = (Θ', x : A'). By i.h., there is Ψ' such that [Ω, ▸α̂, Ω_Z'](Δ, ▸α̂, Θ') = [Ω]Δ, Ψ'. Then by the definition of context application, [Ω, ▸α̂, Ω_Z', x : A](Δ, ▸α̂, Θ', x : A') = [Ω]Δ, Ψ', x : [Ω']A. Let Ψ = (Ψ', x : [Ω']A).

• Case ⟶Uvar: Similar to the ⟶Var case, with Ψ = (Ψ', α : κ).

• Cases ⟶Eqn, ⟶Unsolved, ⟶Solved, ⟶Solve, ⟶Add, ⟶AddSolved, ⟶Marker: Broadly similar to the ⟶Uvar case, but the rightmost context element disappears in context application, so we let Ψ = Ψ'. □

Lemma 54 (Completing Stability).

If Γ ⟶ Ω then [Ω]Γ = [Ω]Ω.

Proof. By induction on the derivation of Γ ⟶ Ω.

• Case ⟶Id: Immediate.

• Case
        Γ₀ ⟶ Ω₀    [Ω₀]A = [Ω₀]A'
        ────────────────────────── ⟶Var
        Γ₀, x : A ⟶ Ω₀, x : A'

    Γ₀ ⟶ Ω₀                                              Subderivation
    [Ω₀]Γ₀ = [Ω₀]Ω₀                                       By i.h.
    [Ω₀]A = [Ω₀]A'                                        Subderivation
    [Ω₀]Γ₀, x : [Ω₀]A = [Ω₀]Ω₀, x : [Ω₀]A'                By congruence of equality
    [Ω₀, x : A'](Γ₀, x : A) = [Ω₀, x : A'](Ω₀, x : A')    By definition of substitution

Proof of Lemma 54 (Completing Stability)

• Case
        Γ₀ ⟶ Ω₀
        ────────────────────────── ⟶Uvar
        Γ₀, α : κ ⟶ Ω₀, α : κ

  Similar to ⟶Var.

• Case
        Γ₀ ⟶ Ω₀
        ────────────────────────── ⟶Unsolved
        Γ₀, α̂ : κ ⟶ Ω₀, α̂ : κ

  Similar to ⟶Var.

• Case
        Γ₀ ⟶ Ω₀    [Ω₀]τ = [Ω₀]τ'
        ─────────────────────────────────── ⟶Solved
        Γ₀, α̂ : κ = τ ⟶ Ω₀, α̂ : κ = τ'

  Similar to ⟶Var.

• Case
        Γ₀ ⟶ Ω₀
        ────────────────────────── ⟶Marker
        Γ₀, ▸α̂ ⟶ Ω₀, ▸α̂

  Similar to ⟶Var.

• Case
        Γ₀ ⟶ Ω₀
        ──────────────────────────────── ⟶Solve
        Γ₀, β̂ : κ' ⟶ Ω₀, β̂ : κ' = τ

  Similar to ⟶Var.

• Case
        Γ₀ ⟶ Ω₀    [Ω₀]t' = [Ω₀]t
        ────────────────────────────── ⟶Eqn
        Γ₀, α = t' ⟶ Ω₀, α = t

    Γ₀ ⟶ Ω₀                                               Subderivation
    [Ω₀]t' = [Ω₀]t                                        Subderivation
    [Ω₀]Γ₀ = [Ω₀]Ω₀                                       By i.h.
    [[Ω₀]t/α]([Ω₀]Γ₀) = [[Ω₀]t/α]([Ω₀]Ω₀)                 By congruence of equality
    [Ω₀, α = t](Γ₀, α = t') = [Ω₀, α = t](Ω₀, α = t)      By definition of context substitution

• Case
        Γ ⟶ Ω₀
        ──────────────────── ⟶Add
        Γ ⟶ Ω₀, α̂ : κ

    Γ ⟶ Ω₀                                                Subderivation
    [Ω₀]Γ = [Ω₀]Ω₀                                        By i.h.
    [Ω₀, α̂ : κ]Γ = [Ω₀, α̂ : κ](Ω₀, α̂ : κ)                 By definition of context substitution

• Case
        Γ ⟶ Ω₀
        ──────────────────────── ⟶AddSolved
        Γ ⟶ Ω₀, α̂ : κ = τ

  Similar to the ⟶Add case.                                                  □

Lemma 55 (Completing Completeness).

(i) If Ω ⟶ Ω' and Ω ⊢ t : κ then [Ω]t = [Ω']t.

(ii) If Ω ⟶ Ω' and Ω ⊢ A type then [Ω]A = [Ω']A.

(iii) If Ω ⟶ Ω' then [Ω]Ω = [Ω']Ω'.

Proof.

Proof of Lemma 55 (Completing Completeness)

• Part (i): By Lemma 29 (Substitution Monotonicity) (i), [Ω']t = [Ω'][Ω]t.

  Now we need to show [Ω'][Ω]t = [Ω]t. Considered as a substitution, Ω' is the identity everywhere except existential variables α̂ and universal variables α. First, since Ω is complete, [Ω]t has no free existentials. Second, universal variables free in [Ω]t have no equations in Ω (if they had, their occurrences would have been replaced). But if Ω has no equation for α, it follows from Ω ⟶ Ω' and the definition of context extension in Figure ?? that Ω' also lacks an equation, so applying Ω' also leaves α alone.

  Transitivity of equality gives [Ω']t = [Ω]t.

• Part (ii): Similar to part (i), using Lemma 29 (Substitution Monotonicity) (iii) instead of (i).

• Part (iii): By induction on the given derivation of Ω ⟶ Ω'.

  Only cases ⟶Id, ⟶Var, ⟶Uvar, ⟶Eqn, ⟶Solved, ⟶AddSolved and ⟶Marker are possible. In all of these cases, we use the i.h. and the definition of context application; in cases ⟶Var, ⟶Eqn and ⟶Solved we also use the equality in the premise of the respective rule. □


Lemma 56 (Confluence of Completeness).

If Δ₁ ⟶ Ω and Δ₂ ⟶ Ω then [Ω]Δ₁ = [Ω]Δ₂.

Proof.

    Δ₁ ⟶ Ω                  Given
    [Ω]Δ₁ = [Ω]Ω            By Lemma 54 (Completing Stability)
    Δ₂ ⟶ Ω                  Given
    [Ω]Δ₂ = [Ω]Ω            By Lemma 54 (Completing Stability)
    [Ω]Δ₁ = [Ω]Δ₂           By transitivity of equality                    □

Lemma 57 (Multiple Confluence).

If Δ ⟶ Ω and Ω ⟶ Ω' and Δ' ⟶ Ω' then [Ω]Δ = [Ω']Δ'.

Proof.

    Δ ⟶ Ω                   Given
    [Ω]Δ = [Ω]Ω             By Lemma 54 (Completing Stability)
    Ω ⟶ Ω'                  Given
    [Ω]Ω = [Ω']Ω'           By Lemma 55 (Completing Completeness) (iii)
          = [Ω']Δ'          By Lemma 54 (Completing Stability) (Δ' ⟶ Ω' given)   □


Lemma 59 (Canonical Completion).

If Γ ⟶ Ω
then there exists Ω_canon such that Γ ⟶ Ω_canon and Ω_canon ⟶ Ω and dom(Ω_canon) = dom(Γ) and, for all α̂ : κ = t and α = t in Ω_canon, we have FEV(t) = ∅.

Proof. By induction on Ω. In Ω_canon, make all solutions (for evars and uvars) canonical by applying Ω to them, dropping declarations of existential variables that aren't in dom(Γ). □

Lemma 60 (Split Solutions).

If Δ ⟶ Ω and α̂ ∈ unsolved(Δ)
then there exists Ω₁ = Ω'[α̂ : κ = t₁] such that Ω₁ ⟶ Ω and Ω₂ = Ω'[α̂ : κ = t₂] where Δ ⟶ Ω₂ and t₂ ≠ t₁ and Ω₂ is canonical.

Proof. Use Lemma 59 (Canonical Completion) to get Ω_canon such that Δ ⟶ Ω_canon and Ω_canon ⟶ Ω, where for all solutions t in Ω_canon we have FEV(t) = ∅.

We have Ω_canon = Ω'[α̂ : κ = t₁], where FEV(t₁) = ∅. Therefore ☞ Ω'[α̂ : κ = t₁] ⟶ Ω.
Now choose t₂ as follows:

• If κ = *, let t₂ = t₁ → t₁.

• If κ = N, let t₂ = succ(t₁).

Thus, ☞ t₂ ≠ t₁. Let Ω₂ = Ω'[α̂ : κ = t₂].

  ☞ Δ ⟶ Ω₂                 By Lemma 31 (Split Extension)                     □
E' Internal Properties of the Declarative System

Lemma 61 (Interpolating With and Exists).

(1) If D :: Ψ ⊢ Π :: A ⇐ C p and Ψ ⊢ P₀ true
then D' :: Ψ ⊢ Π :: A ⇐ C ∧ P₀ p.

(2) If D :: Ψ ⊢ Π :: A ⇐ [τ/α]C₀ p and Ψ ⊢ τ : κ
then D' :: Ψ ⊢ Π :: A ⇐ (∃α : κ. C₀) p.

In both cases, the height of D' is one greater than the height of D.

Moreover, similar properties hold for the eliminating judgment Ψ / P ⊢ Π :: A ⇐ C p.

Proof. By induction on the given match derivation.

In the DeclMatchBase case, for part (1), apply rule ∧I. For part (2), apply rule ∃I.
In the DeclMatchNeg case, part (1), use Lemma 3 (Declarative Weakening) (iii). In part (2), use Lemma 3 (Declarative Weakening) (i). □

Lemma 62 (Case Invertibility).

If Ψ ⊢ case(e₀, Π) ⇐ C p
then Ψ ⊢ e₀ ⇒ A ! and Ψ ⊢ Π :: A ⇐ C p and Ψ ⊢ Π covers A,
where the height of each resulting derivation is strictly less than the height of the given derivation.

Proof. By induction on the given derivation.

• Case
        Ψ ⊢ case(e₀, Π) ⇒ A q    Ψ ⊢ A ≤^{pol(B)} B
        ──────────────────────────────────────────── DeclSub
        Ψ ⊢ case(e₀, Π) ⇐ B p

  Impossible, because Ψ ⊢ case(e₀, Π) ⇒ A q is not derivable.

• Cases Decl∀I, Decl⊃I: Impossible: these rules have a value restriction, but a case expression is not a value.

• Case
        Ψ ⊢ P true    Ψ ⊢ case(e₀, Π) ⇐ C₀ p
        ───────────────────────────────────── Decl∧I
        Ψ ⊢ case(e₀, Π) ⇐ C₀ ∧ P p

    Ψ ⊢ e₀ ⇒ A !                  (height < n − 1)   By i.h.
    Ψ ⊢ Π :: A ⇐ C₀ p              (height < n − 1)   By i.h.
  ☞ Ψ ⊢ Π covers A                 (height < n − 1)   By i.h.
    Ψ ⊢ P true                     (height < n − 1)   Subderivation
  ☞ Ψ ⊢ Π :: A ⇐ C₀ ∧ P p          (height < n)       By Lemma 61 (Interpolating With and Exists) (1)

• Cases Decl1I, Decl→I, DeclRec, Decl+Iₖ, Decl×I, DeclNil, DeclCons: Impossible, because in these rules e cannot have the form case(e₀, Π).

• Case
        Ψ ⊢ case(e₀, Π) ⇒ A !    Ψ ⊢ Π :: A ⇐ C p    Ψ ⊢ Π covers A
        ─────────────────────────────────────────────────────────── DeclCase
        Ψ ⊢ case(e₀, Π) ⇐ C p

  Immediate.                                                                  □


F' Miscellaneous Properties of the Algorithmic System

Lemma 63 (Well-Formed Outputs of Typing).

(Spines) If Γ ⊢ s : A q ≫ C p ⊣ Δ or Γ ⊢ s : A q ≫ C ⌈p⌉ ⊣ Δ
and Γ ⊢ A q type
then Δ ⊢ C p type.

(Synthesis) If Γ ⊢ e ⇒ A p ⊣ Δ
then Δ ⊢ A p type.

Proof of Lemma 63 (Well-Formed Outputs of Typing)

Proof. By induction on the given derivation.

• Case Anno: Use Lemma 51 (Typing Extension) and Lemma 41 (Extension Weakening for Principal Typing).

• Case ∀Spine: We have Γ ⊢ (∀α : κ. A₀) q type.
  By inversion, Γ, α : κ ⊢ A₀ q type.
  By properties of substitution, Γ, α̂ : κ ⊢ [α̂/α]A₀ q type.
  Now apply the i.h.

• Case ⊃Spine: Use Lemma 42 (Inversion of Principal Typing) (2), Lemma 47 (Checkprop Extension), and Lemma 41 (Extension Weakening for Principal Typing).

• Case SpineRecover:
  By i.h., Δ ⊢ C / type.
  We have as premise FEV(C) = ∅.
  Therefore Δ ⊢ C ! type.

• Case SpinePass: By i.h.

• Case EmptySpine: Immediate.

• Case →Spine: Use Lemma 42 (Inversion of Principal Typing) (1), Lemma 51 (Typing Extension), and Lemma 41 (Extension Weakening for Principal Typing).

• Case α̂Spine: Show that α̂₁ → α̂₂ is well-formed, then use the i.h. □


G' Decidability of Instantiation

Lemma 64 (Left Unsolvedness Preservation).

If Γ₀, α̂, Γ₁ ⊢ α̂ := A : κ ⊣ Δ and β̂ ∈ unsolved(Γ₀) then β̂ ∈ unsolved(Δ).

Proof. By induction on the given derivation.

• Case
        Γ₀ ⊢ τ : κ
        ───────────────────────────────────────────────── InstSolve
        Γ₀, α̂ : κ, Γ₁ ⊢ α̂ := τ : κ ⊣ Γ₀, α̂ : κ = τ, Γ₁

  Immediate, since to the left of α̂, the contexts Δ and Γ are the same.

• Case
        β̂ ∈ unsolved(Γ'[α̂ : κ][β̂ : κ])
        ───────────────────────────────────────────────────── InstReach
        Γ'[α̂ : κ][β̂ : κ] ⊢ α̂ := β̂ : κ ⊣ Γ'[α̂ : κ][β̂ : κ = α̂]

  Immediate, since to the left of α̂, the contexts Δ and Γ are the same.

• Case
        Γ₀, α̂₂ : *, α̂₁ : *, α̂ : * = α̂₁ ⊕ α̂₂, Γ₁ ⊢ α̂₁ := τ₁ : * ⊣ Θ    Θ ⊢ α̂₂ := [Θ]τ₂ : * ⊣ Δ
        ──────────────────────────────────────────────────────────────────────────────── InstBin
        Γ₀, α̂ : *, Γ₁ ⊢ α̂ := τ₁ ⊕ τ₂ : * ⊣ Δ

  We have β̂ ∈ unsolved(Γ₀). Therefore β̂ ∈ unsolved(Γ₀, α̂₂ : *).

  Clearly, α̂₂ ∈ unsolved(Γ₀, α̂₂ : *).

  We have two subderivations:

    Γ₀, α̂₂ : *, α̂₁ : *, α̂ : * = α̂₁ ⊕ α̂₂, Γ₁ ⊢ α̂₁ := A₁ : * ⊣ Θ    (1)

    Θ ⊢ α̂₂ := [Θ]A₂ : * ⊣ Δ    (2)

  By induction on (1), β̂ ∈ unsolved(Θ).

  Also by induction on (1), with α̂₂ playing the role of β̂, we get α̂₂ ∈ unsolved(Θ).
  Since β̂ ∈ Γ₀, it is declared to the left of α̂₂ in Γ₀, α̂₂ : *, α̂₁ : *, α̂ = α̂₁ ⊕ α̂₂, Γ₁.

Proof of Lemma 64 (Left Unsolvedness Preservation)

  Hence by Lemma 20 (Declaration Order Preservation), β̂ is declared to the left of α̂₂ in Θ. That is, Θ = (Θ₀, α̂₂ : *, Θ₁), where β̂ ∈ unsolved(Θ₀).

  By induction on (2), β̂ ∈ unsolved(Δ).

• Case
        ───────────────────────────────────────────── InstZero
        Γ'[α̂ : N] ⊢ α̂ := zero : N ⊣ Γ'[α̂ : N = zero]

  Immediate, since to the left of α̂, the contexts Δ and Γ are the same.

• Case
        Γ[α̂₁ : N, α̂ : N = succ(α̂₁)] ⊢ α̂₁ := t₁ : N ⊣ Δ
        ─────────────────────────────────────────────── InstSucc
        Γ[α̂ : N] ⊢ α̂ := succ(t₁) : N ⊣ Δ

  We have β̂ ∈ unsolved(Γ₀). Therefore β̂ ∈ unsolved(Γ₀, α̂₁ : N). By i.h., β̂ ∈ unsolved(Δ). □

Lemma 65 (Left Free Variable Preservation). If Γ₀, α̂ : κ, Γ₁ ⊢ α̂ := τ : κ ⊣ Δ and Γ ⊢ σ : κ' and α̂ ∉ FV([Γ]σ) and β̂ ∈ unsolved(Γ₀) and β̂ ∉ FV([Γ]σ), then β̂ ∉ FV([Δ]σ).

Proof. By induction on the given instantiation derivation.

• Case
        Γ₀ ⊢ τ : κ
        ───────────────────────────────────────────────── InstSolve
        Γ₀, α̂ : κ, Γ₁ ⊢ α̂ := τ : κ ⊣ Γ₀, α̂ : κ = τ, Γ₁

  We have α̂ ∉ FV([Γ]σ). Since Δ differs from Γ only in α̂, it must be the case that [Γ]σ = [Δ]σ. It is given that β̂ ∉ FV([Γ]σ), so β̂ ∉ FV([Δ]σ).

• Case
        γ̂ ∈ unsolved(Γ[α̂ : κ][γ̂ : κ])
        ─────────────────────────────────────────────────── InstReach
        Γ[α̂ : κ][γ̂ : κ] ⊢ α̂ := γ̂ : κ ⊣ Γ[α̂ : κ][γ̂ : κ = α̂]

  Since Δ differs from Γ only in solving γ̂ to α̂, applying Δ to a type will not introduce a β̂. We have β̂ ∉ FV([Γ]σ), so β̂ ∉ FV([Δ]σ).

• Case (writing Γ' for Γ[α̂₂ : *, α̂₁ : *, α̂ : * = α̂₁ ⊕ α̂₂])
        Γ[α̂₂ : *, α̂₁ : *, α̂ : * = α̂₁ ⊕ α̂₂] ⊢ α̂₁ := τ₁ : * ⊣ Θ    Θ ⊢ α̂₂ := [Θ]τ₂ : * ⊣ Δ
        ─────────────────────────────────────────────────────────────────────── InstBin
        Γ[α̂ : *] ⊢ α̂ := τ₁ ⊕ τ₂ : * ⊣ Δ

  We have Γ ⊢ σ : κ' and α̂ ∉ FV([Γ]σ) and β̂ ∉ FV([Γ]σ).

  By weakening, we get Γ' ⊢ σ : κ'; since α̂ ∉ FV([Γ]σ) and Γ' only adds a solution for α̂, it follows that [Γ']σ = [Γ]σ.

  Therefore α̂₁ ∉ FV([Γ']σ) and α̂₂ ∉ FV([Γ']σ) and β̂ ∉ FV([Γ']σ).

  Since we have β̂ ∈ Γ₀, we also have β̂ ∈ (Γ₀, α̂₂ : *).

  By induction on the first premise, β̂ ∉ FV([Θ]σ).

  Also by induction on the first premise, with α̂₂ playing the role of β̂, we have α̂₂ ∉ FV([Θ]σ).

  Note that α̂₂ ∈ unsolved(Γ₀, α̂₂ : *).

  By Lemma 64 (Left Unsolvedness Preservation), α̂₂ ∈ unsolved(Θ).

  Therefore Θ has the form (Θ₀, α̂₂ : *, Θ₁).

  Since β̂ ≠ α̂₂, we know that β̂ is declared to the left of α̂₂ in (Γ₀, α̂₂ : *), so by Lemma 20 (Declaration Order Preservation), β̂ is declared to the left of α̂₂ in Θ. Hence β̂ ∈ Θ₀.
  Furthermore, by Lemma 43 (Instantiation Extension), we have Γ' ⟶ Θ.

  Then by Lemma 36 (Extension Weakening (Sorts)), we have Δ ⊢ σ : κ'.

  Using induction on the second premise, β̂ ∉ FV([Δ]σ).

• Case
        ───────────────────────────────────────────── InstZero
        Γ'[α̂ : N] ⊢ α̂ := zero : N ⊣ Γ'[α̂ : N = zero]

Proof of Lemma 65 (Left Free Variable Preservation)

  We have α̂ ∉ FV([Γ]σ). Since Δ differs from Γ only in α̂, it must be the case that [Γ]σ = [Δ]σ. It is given that β̂ ∉ FV([Γ]σ), so β̂ ∉ FV([Δ]σ).

• Case
        Γ'[α̂₁ : N, α̂ : N = succ(α̂₁)] ⊢ α̂₁ := t₁ : N ⊣ Δ
        ──────────────────────────────────────────────── InstSucc
        Γ'[α̂ : N] ⊢ α̂ := succ(t₁) : N ⊣ Δ

    Γ ⊢ σ : κ'                                     Given
    Θ ⊢ σ : κ'                                     By weakening
    α̂ ∉ FV([Γ]σ)                                   Given
    α̂ ∉ FV([Θ]σ)                                   α̂ ∉ FV([Γ]σ) and Θ only solves α̂
    Θ = (Γ₀, α̂₁ : N, α̂ : N = succ(α̂₁), Γ₁)         Given
    β̂ ∈ unsolved(Γ₀)                               Given
    β̂ ∈ unsolved(Γ₀, α̂₁ : N)                       α̂₁ fresh
    β̂ ∉ FV([Γ]σ)                                   Given
    β̂ ∉ FV([Θ]σ)                                   α̂₁ fresh
    β̂ ∉ FV([Δ]σ)                                   By i.h.                    □


Lemma 66 (Instantiation Size Preservation). If Γ₀, α̂, Γ₁ ⊢ α̂ := τ : κ ⊣ Δ and Γ ⊢ σ : κ' and α̂ ∉ FV([Γ]σ), then |[Γ]σ| = |[Δ]σ|, where |C| is the plain size of the term C.

Proof. By induction on the given derivation.

• Case
        Γ₀ ⊢ τ : κ
        ───────────────────────────────────────────────── InstSolve
        Γ₀, α̂ : κ, Γ₁ ⊢ α̂ := τ : κ ⊣ Γ₀, α̂ : κ = τ, Γ₁

  Since Δ differs from Γ only in solving α̂, and we know α̂ ∉ FV([Γ]σ), we have [Δ]σ = [Γ]σ; therefore |[Δ]σ| = |[Γ]σ|.

• Case
        ───────────────────────────────────────────── InstZero
        Γ'[α̂ : N] ⊢ α̂ := zero : N ⊣ Γ'[α̂ : N = zero]

  Similar to the InstSolve case.

• Case
        β̂ ∈ unsolved(Γ'[α̂ : κ][β̂ : κ])
        ───────────────────────────────────────────────────── InstReach
        Γ'[α̂ : κ][β̂ : κ] ⊢ α̂ := β̂ : κ ⊣ Γ'[α̂ : κ][β̂ : κ = α̂]

  Here, Δ differs from Γ only in solving β̂ to α̂. However, α̂ has the same size as β̂, so even if β̂ ∈ FV([Γ]σ), we have |[Δ]σ| = |[Γ]σ|.

• Case (writing Γ' for Γ[α̂₂ : *, α̂₁ : *, α̂ : * = α̂₁ ⊕ α̂₂])
        Γ[α̂₂ : *, α̂₁ : *, α̂ : * = α̂₁ ⊕ α̂₂] ⊢ α̂₁ := τ₁ : * ⊣ Θ    Θ ⊢ α̂₂ := [Θ]τ₂ : * ⊣ Δ
        ─────────────────────────────────────────────────────────────────────── InstBin
        Γ[α̂ : *] ⊢ α̂ := τ₁ ⊕ τ₂ : * ⊣ Δ

  We have Γ ⊢ σ : κ' and α̂ ∉ FV([Γ]σ).

  Since α̂₁, α̂₂ ∉ dom(Γ), we have α̂, α̂₁, α̂₂ ∉ FV([Γ]σ).

  By Lemma 23 (Deep Evar Introduction), Γ[α̂ : *] ⟶ Γ'.

  By Lemma 36 (Extension Weakening (Sorts)), Γ' ⊢ σ : κ'.

  Since α̂ ∉ FV(σ), it follows that [Γ']σ = [Γ]σ, and so |[Γ']σ| = |[Γ]σ|.

Proof of Lemma 66 (Instantiation Size Preservation)

  By induction on the first premise, |[Γ']σ| = |[Θ]σ|.

  By Lemma 20 (Declaration Order Preservation), since α̂₂ is declared to the left of α̂₁ in Γ', we have that α̂₂ is declared to the left of α̂₁ in Θ.

  By Lemma 64 (Left Unsolvedness Preservation), since α̂₂ ∈ unsolved(Γ'), it is unsolved in Θ: that is, Θ = (Θ₀, α̂₂ : *, Θ₁).

  By Lemma 43 (Instantiation Extension), we have Γ' ⟶ Θ.

  By Lemma 36 (Extension Weakening (Sorts)), Θ ⊢ σ : κ'.

  Since α̂₂ ∉ FV([Γ']σ), Lemma 65 (Left Free Variable Preservation) gives α̂₂ ∉ FV([Θ]σ).

  By induction on the second premise, |[Θ]σ| = |[Δ]σ|, and by transitivity of equality, |[Γ]σ| = |[Δ]σ|.

• Case (writing Γ' for Γ[α̂₁ : N, α̂ : N = succ(α̂₁)])
        Γ[α̂₁ : N, α̂ : N = succ(α̂₁)] ⊢ α̂₁ := t₁ : N ⊣ Δ
        ─────────────────────────────────────────────── InstSucc
        Γ[α̂ : N] ⊢ α̂ := succ(t₁) : N ⊣ Δ

    Γ[α̂ : N] ⊢ σ : κ'                Given
    α̂ ∉ FV([Γ[α̂ : N]]σ)              Given
    Γ[α̂ : N] ⟶ Γ'                    By Lemma 23 (Deep Evar Introduction)
    Γ' ⊢ σ : κ'                      By Lemma 36 (Extension Weakening (Sorts))
    [Γ']σ = [Γ[α̂ : N]]σ              Since α̂ ∉ FV([Γ[α̂ : N]]σ)
    |[Γ']σ| = |[Γ[α̂ : N]]σ|          By congruence of equality
    α̂₁ ∉ FV([Γ']σ)                   Since [Γ']σ = [Γ[α̂ : N]]σ, and α̂₁ ∉ dom(Γ[α̂ : N])
    |[Γ']σ| = |[Θ]σ|                 By i.h.
    |[Γ[α̂ : N]]σ| = |[Θ]σ|           By transitivity of equality              □


Lemma 67 (Decidability of Instantiation). If Γ = Γ₀[α̂ : κ'] and Γ ⊢ t : κ such that [Γ]t = t and α̂ ∉ FV(t), then:

(1) Either there exists Δ such that Γ₀[α̂ : κ'] ⊢ α̂ := t : κ ⊣ Δ, or not.

Proof. By induction on the derivation of Γ ⊢ t : κ.

• Case
        (u : κ) ∈ Γ
        ──────────────────────── VarSort
        Γ_L, α̂ : κ', Γ_R ⊢ u : κ

  If κ ≠ κ', no rule matches and no derivation exists.
  Otherwise:

  - If (u : κ) ∈ Γ_L, we can apply rule InstSolve.

  - If u is some unsolved existential variable β̂ and (β̂ : κ) ∈ Γ_R, then we can apply rule InstReach.

  - Otherwise, u is declared in Γ_R and is a universal variable; no rule matches and no derivation exists.

• Case
        (β̂ : κ = t) ∈ Γ
        ───────────────── SolvedVarSort
        Γ ⊢ β̂ : κ

  By inversion, (β̂ : κ = t) ∈ Γ, but [Γ]β̂ = β̂ is given, so this case is impossible.

• Case UnitSort:
  If κ' = *, then apply rule InstSolve. Otherwise, no rule matches and no derivation exists.

• Case
        Γ ⊢ τ₁ : *    Γ ⊢ τ₂ : *
        ─────────────────────────────── BinSort
        Γ_L, α̂ : κ', Γ_R ⊢ τ₁ ⊕ τ₂ : *

  (where Γ = Γ_L, α̂ : κ', Γ_R.)

  If κ' ≠ *, then no rule matches and no derivation exists. Otherwise:
  Given, [Γ](τ₁ ⊕ τ₂) = τ₁ ⊕ τ₂ and α̂ ∉ FV([Γ](τ₁ ⊕ τ₂)).

  If Γ_L ⊢ τ₁ ⊕ τ₂ : *, then we have a derivation by InstSolve.

Proof of Lemma 67 (Decidability of Instantiation)

  If not, the only other rule whose conclusion matches τ₁ ⊕ τ₂ is InstBin.

  First, consider whether Γ_L, α̂₂ : *, α̂₁ : *, α̂ : * = α̂₁ ⊕ α̂₂, Γ_R ⊢ α̂₁ := τ₁ : * ⊣ − is decidable.

  By definition of substitution, [Γ](τ₁ ⊕ τ₂) = ([Γ]τ₁) ⊕ ([Γ]τ₂). Since [Γ](τ₁ ⊕ τ₂) = τ₁ ⊕ τ₂, we have [Γ]τ₁ = τ₁ and [Γ]τ₂ = τ₂.

  By weakening, Γ_L, α̂₂ : *, α̂₁ : *, α̂ : * = α̂₁ ⊕ α̂₂, Γ_R ⊢ τ₁ ⊕ τ₂ : *.

  Since Γ ⊢ τ₁ : * and Γ ⊢ τ₂ : *, we have α̂₁, α̂₂ ∉ FV(τ₁) ∪ FV(τ₂).

  Since α̂ ∉ FV(t) ⊇ FV(τ₁), it follows that [Γ']τ₁ = τ₁.

  By i.h., either there exists Θ s.t. Γ_L, α̂₂ : *, α̂₁ : *, α̂ : * = α̂₁ ⊕ α̂₂, Γ_R ⊢ α̂₁ := τ₁ : * ⊣ Θ, or not.

  If not, then no derivation by InstBin exists.

  Otherwise, there exists such a Θ. By Lemma 64 (Left Unsolvedness Preservation), we have α̂₂ ∈ unsolved(Θ).

  By Lemma 65 (Left Free Variable Preservation), we know that α̂₂ ∉ FV([Θ]τ₂).

  Substitution is idempotent, so [Θ][Θ]τ₂ = [Θ]τ₂.

  By i.h., either there exists Δ such that Θ ⊢ α̂₂ := [Θ]τ₂ : κ ⊣ Δ, or not.

  If not, no derivation by InstBin exists.

  Otherwise, there exists such a Δ. By rule InstBin we have Γ ⊢ α̂ := t : κ ⊣ Δ.

• Case
        ───────────── ZeroSort
        Γ ⊢ zero : N

  If κ' ≠ N, then no rule matches and no derivation exists. Otherwise, apply rule InstSolve.

• Case
        Γ ⊢ t₀ : N
        ───────────────── SuccSort
        Γ ⊢ succ(t₀) : N

  If κ' ≠ N, then no rule matches and no derivation exists. Otherwise:

  If Γ_L ⊢ succ(t₀) : N, then we have a derivation by InstSolve.

  If not, the only other rule whose conclusion matches succ(t₀) is InstSucc.

  The remainder of this case is similar to the BinSort case, but shorter.       □
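The instantiation rules quoted in Lemma 43 (InstSolve, InstReach, InstBin, InstZero, InstSucc) and the case analysis of Lemma 67 can be read as a recursive procedure that either builds the output context Δ or reports that no rule applies. The following Python is an added example, not code from the paper or any implementation by its authors: it models contexts as lists of declarations, terms as tuples, and fresh names as α̂1/α̂2 suffixes (all of these encodings are assumptions made for the illustration). The `demo` function runs it on constructed contexts and also checks two of the properties proved above: Lemma 64 (an unsolved variable to the left of α̂ stays unsolved) and the order preservation of Lemma 20.

```python
# Added example (not the paper's code): an executable model of Γ ⊢ â := t : κ ⊣ Δ.
# InstZero is subsumed by InstSolve here, since `zero` is well-sorted in any prefix.
from dataclasses import dataclass
from typing import Optional, List

# Terms: ('unit',) ('zero',) ('succ', t) ('uvar', a) ('evar', a) ('bin', op, t1, t2)
Term = tuple

@dataclass(frozen=True)
class UVar:                     # universal variable  α : κ
    name: str
    kind: str                   # '*' or 'N'

@dataclass(frozen=True)
class EVar:                     # existential variable  â : κ  or  â : κ = sol
    name: str
    kind: str
    sol: Optional[Term] = None

Ctx = List[object]              # declarations, left to right

def lookup(ctx: Ctx, name: str) -> int:
    """Index of the entry declaring `name`, or -1 if undeclared."""
    for i, e in enumerate(ctx):
        if e.name == name:
            return i
    return -1

def apply_ctx(ctx: Ctx, t: Term) -> Term:
    """[Γ]t: replace solved existentials by their solutions, recursively."""
    if t[0] == 'evar':
        i = lookup(ctx, t[1])
        if i >= 0 and isinstance(ctx[i], EVar) and ctx[i].sol is not None:
            return apply_ctx(ctx, ctx[i].sol)
        return t
    if t[0] == 'succ':
        return ('succ', apply_ctx(ctx, t[1]))
    if t[0] == 'bin':
        return ('bin', t[1], apply_ctx(ctx, t[2]), apply_ctx(ctx, t[3]))
    return t

def sort_of(ctx: Ctx, t: Term) -> Optional[str]:
    """The κ with Γ ⊢ t : κ, or None when t is not well-sorted in Γ."""
    if t[0] == 'unit':
        return '*'
    if t[0] == 'zero':
        return 'N'
    if t[0] == 'succ':
        return 'N' if sort_of(ctx, t[1]) == 'N' else None
    if t[0] == 'bin':
        return '*' if sort_of(ctx, t[2]) == '*' == sort_of(ctx, t[3]) else None
    i = lookup(ctx, t[1])       # 'uvar' or 'evar': must be declared in Γ
    return ctx[i].kind if i >= 0 else None

def unsolved(ctx: Ctx) -> set:
    return {e.name for e in ctx if isinstance(e, EVar) and e.sol is None}

def instantiate(ctx: Ctx, a: str, t: Term, kappa: str) -> Optional[Ctx]:
    """Γ ⊢ â := t : κ ⊣ Δ. Returns Δ, or None when no rule applies (the 'or not'
    branch of Lemma 67). Assumes, as the lemma does, [Γ]t = t and â ∉ FV(t); fresh
    names a+'1'/a+'2' are assumed not to collide with existing declarations."""
    i = lookup(ctx, a)
    if (i < 0 or not isinstance(ctx[i], EVar) or ctx[i].sol is not None
            or ctx[i].kind != kappa):
        return None                                   # â must be unsolved, of sort κ
    left, right = ctx[:i], ctx[i + 1:]
    if sort_of(left, t) == kappa:                     # InstSolve: Γ_L ⊢ t : κ
        return left + [EVar(a, kappa, t)] + right
    if t[0] == 'evar' and t[1] in unsolved(right):    # InstReach: solve β̂ := â
        j = lookup(right, t[1])
        if right[j].kind != kappa:
            return None
        return (left + [ctx[i]] + right[:j]
                + [EVar(t[1], kappa, ('evar', a))] + right[j + 1:])
    if t[0] == 'bin' and kappa == '*':                # InstBin: â = â1 ⊕ â2, then pieces
        a1, a2 = a + '1', a + '2'
        ctx2 = left + [EVar(a2, '*'), EVar(a1, '*'),
                       EVar(a, '*', ('bin', t[1], ('evar', a1), ('evar', a2)))] + right
        theta = instantiate(ctx2, a1, t[2], '*')
        if theta is None:
            return None
        return instantiate(theta, a2, apply_ctx(theta, t[3]), '*')
    if t[0] == 'succ' and kappa == 'N':               # InstSucc: â = succ(â1), then â1 := t1
        a1 = a + '1'
        ctx2 = left + [EVar(a1, 'N'), EVar(a, 'N', ('succ', ('evar', a1)))] + right
        return instantiate(ctx2, a1, t[1], 'N')
    return None                                       # e.g. a universal variable right of â

def order_preserved(gamma: Ctx, delta: Ctx) -> bool:
    """Lemma 20 flavour: every declaration of Γ survives in Δ, in the same order."""
    pos = [lookup(delta, e.name) for e in gamma]
    return all(p >= 0 for p in pos) and pos == sorted(pos)

def demo() -> dict:
    """Constructed inputs: b̂:*, â:*, ĝ:* with â := 1 → ĝ; n̂:N, m̂:N with n̂ := succ(m̂)."""
    g1 = [EVar('b', '*'), EVar('a', '*'), EVar('g', '*')]
    d1 = instantiate(g1, 'a', ('bin', '->', ('unit',), ('evar', 'g')), '*')
    g2 = [EVar('n', 'N'), EVar('m', 'N')]
    d2 = instantiate(g2, 'n', ('succ', ('evar', 'm')), 'N')
    g3 = [EVar('a', '*'), UVar('x', '*')]             # universal variable to the right
    return {'delta1': d1, 'delta2': d2,
            'a_solved': apply_ctx(d1, ('evar', 'a')),
            'g_solved': apply_ctx(d1, ('evar', 'g')),
            'b_still_unsolved': 'b' in unsolved(d1),  # Lemma 64
            'ordered': order_preserved(g1, d1) and order_preserved(g2, d2),
            'n_solved': apply_ctx(d2, ('evar', 'n')),
            'sort_mismatch': instantiate(g2, 'n', ('unit',), '*'),
            'uvar_to_right': instantiate(g3, 'a', ('uvar', 'x'), '*')}

if __name__ == '__main__':
    for k, v in demo().items():
        print(k, v)
```

In the first run, â is articulated to â1 → â2, â1 is solved to 1 by InstSolve, and ĝ (to the right of â2) is reached with ĝ := â2, so [Δ]â = 1 → â2 while b̂ stays unsolved; the last two entries of the result show the two ways the procedure answers "no derivation exists" in Lemma 67: a sort mismatch, and a universal variable declared to the right of â.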


H' Separation 


Lemma 68 (Transitivity of Separation).

If $(\Gamma_L \ast \Gamma_R) \leadsto (\Theta_L \ast \Theta_R)$ and $(\Theta_L \ast \Theta_R) \leadsto (\Delta_L \ast \Delta_R)$
then $(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_R)$.

Proof.

$(\Gamma_L \ast \Gamma_R) \leadsto (\Theta_L \ast \Theta_R)$    Given
$(\Gamma_L, \Gamma_R) \longrightarrow (\Theta_L, \Theta_R)$    By Definition 5
$\Gamma_L \subseteq \Theta_L$ and $\Gamma_R \subseteq \Theta_R$    ″
$(\Theta_L \ast \Theta_R) \leadsto (\Delta_L \ast \Delta_R)$    Given
$(\Theta_L, \Theta_R) \longrightarrow (\Delta_L, \Delta_R)$    By Definition 5
$\Theta_L \subseteq \Delta_L$ and $\Theta_R \subseteq \Delta_R$    ″
$(\Gamma_L, \Gamma_R) \longrightarrow (\Delta_L, \Delta_R)$    By Lemma 33 (Extension Transitivity)
$\Gamma_L \subseteq \Delta_L$ and $\Gamma_R \subseteq \Delta_R$    By transitivity of $\subseteq$
☞ $(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_R)$    By Definition 5 □

Lemma 69 (Separation Truncation).

If $H$ has the form $\alpha : \kappa$ or $\hat\alpha : \kappa$ or $\blacktriangleright_P$ or $x : A\ p$
and $(\Gamma_L \ast (\Gamma_R, H)) \leadsto (\Delta_L \ast \Delta_R)$
then $(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_0)$ where $\Delta_R = (\Delta_0, H, \Theta)$.

Proof. By induction on $\Delta_R$.

If $\Delta_R = (\ldots, H)$, we have $(\Gamma_L \ast \Gamma_R, H) \leadsto (\Delta_L \ast (\Delta, H))$, and inversion on $\longrightarrow$Uvar (if $H$ is $(\alpha : \kappa)$, or the corresponding rule for other forms) gives the result (with $\Theta = \cdot$).

Otherwise, proceed into the subderivation of $(\Gamma_L, \Gamma_R, \alpha : \kappa) \longrightarrow (\Delta_L, \Delta_R)$, with $\Delta_R = (\Delta'_0, \Delta')$ where $\Delta'$ is a single declaration. Use the i.h. on $\Delta'_0$, producing some $\Theta'$. Finally, let $\Theta = (\Theta', \Delta')$. □

Lemma 70 (Separation for Auxiliary Judgments).

(i) If $\Gamma_L \ast \Gamma_R \vdash \sigma \doteq \tau : \kappa \dashv \Delta$
and $\mathrm{FEV}(\sigma) \cup \mathrm{FEV}(\tau) \subseteq \mathrm{dom}(\Gamma_R)$
then $\Delta = (\Delta_L \ast \Delta_R)$ and $(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_R)$.

(ii) If $\Gamma_L \ast \Gamma_R \vdash P\ \mathsf{true} \dashv \Delta$
and $\mathrm{FEV}(P) \subseteq \mathrm{dom}(\Gamma_R)$
then $\Delta = (\Delta_L \ast \Delta_R)$ and $(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_R)$.

(iii) If $\Gamma_L \ast \Gamma_R \mathrel{/} \sigma \doteq \tau : \kappa \dashv \Delta$
and $\mathrm{FEV}(\sigma) \cup \mathrm{FEV}(\tau) = \emptyset$
then $\Delta = (\Delta_L \ast (\Delta_R, \Theta))$ and $(\Gamma_L \ast (\Gamma_R, \Theta)) \leadsto (\Delta_L \ast \Delta_R)$.

(iv) If $\Gamma_L \ast \Gamma_R \mathrel{/} P \dashv \Delta$
and $\mathrm{FEV}(P) = \emptyset$
then $\Delta = (\Delta_L \ast (\Delta_R, \Theta))$ and $(\Gamma_L \ast (\Gamma_R, \Theta)) \leadsto (\Delta_L \ast \Delta_R)$.

(v) If $\Gamma_L \ast \Gamma_R \vdash \hat\alpha := \tau : \kappa \dashv \Delta$
and $(\mathrm{FEV}(\tau) \cup \{\hat\alpha\}) \subseteq \mathrm{dom}(\Gamma_R)$
then $\Delta = (\Delta_L \ast \Delta_R)$ and $(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_R)$.

(vi) If $\Gamma_L \ast \Gamma_R \vdash P \equiv Q \dashv \Delta$
and $\mathrm{FEV}(P) \cup \mathrm{FEV}(Q) \subseteq \mathrm{dom}(\Gamma_R)$
then $\Delta = (\Delta_L \ast \Delta_R)$ and $(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_R)$.

(vii) If $\Gamma_L \ast \Gamma_R \vdash A \equiv B \dashv \Delta$
and $\mathrm{FEV}(A) \cup \mathrm{FEV}(B) \subseteq \mathrm{dom}(\Gamma_R)$
then $\Delta = (\Delta_L \ast \Delta_R)$ and $(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_R)$.

Proof. Part (i): By induction on the derivation of the given checkeq judgment. Cases CheckeqVar, CheckeqUnit and CheckeqZero are immediate ($\Delta_L = \Gamma_L$ and $\Delta_R = \Gamma_R$). For case CheckeqSucc apply the i.h. For cases CheckeqInstL and CheckeqInstR use the i.h. (v). For case CheckeqBin use reasoning similar to that in the ∧I case of Lemma 72 (Separation — Main) (transitivity of separation, and applying $\Theta$ in the second premise).

Part (ii), checkprop: Use the i.h. (i).

Part (iii), elimeq: Cases ElimeqUvarRefl, ElimeqUnit and ElimeqZero are immediate ($\Delta_L = \Gamma_L$ and $\Delta_R = \Gamma_R$). Cases ElimeqUvarL⊥, ElimeqUvarR⊥, ElimeqBinBot and ElimeqClash are impossible (we have $\Delta$, not $\bot$). For case ElimeqSucc apply the i.h. The case for ElimeqBin is similar to the case CheckeqBin in part (i). For cases ElimeqUvarL and ElimeqUvarR, $\Delta = (\Gamma_L, \Gamma_R, \alpha = \tau)$ which, since $\mathrm{FEV}(\tau) \subseteq \mathrm{dom}(\Gamma_R)$, ensures that $(\Gamma_L \ast (\Gamma_R, \alpha = \tau)) \leadsto (\Delta_L \ast (\Delta_R, \alpha = \tau))$.

Part (iv), elimprop: Use the i.h. (iii).

Part (v), instjudg:

• Case InstSolve: Here, $\Gamma = (\Gamma_0, \hat\alpha : \kappa, \Gamma_1)$ and $\Delta = (\Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1)$. We have $\hat\alpha \in \mathrm{dom}(\Gamma_R)$, so the declaration $\hat\alpha : \kappa$ is in $\Gamma_R$. Since $\mathrm{FEV}(\tau) \subseteq \mathrm{dom}(\Gamma_R)$, the context $\Delta$ maintains the separation.

• Case InstReach: Here, $\Gamma = \Gamma_0[\hat\alpha : \kappa][\hat\beta : \kappa]$ and $\Delta = \Gamma_0[\hat\alpha : \kappa][\hat\beta : \kappa = \hat\alpha]$. We have $\hat\alpha \in \mathrm{dom}(\Gamma_R)$, so the declaration $\hat\alpha : \kappa$ is in $\Gamma_R$. Since $\hat\beta$ is declared to the right of $\hat\alpha$, it too must be in $\Gamma_R$, which can also be shown from $\mathrm{FEV}(\hat\beta) \subseteq \mathrm{dom}(\Gamma_R)$. Both declarations are in $\Gamma_R$, so the context $\Delta$ maintains the separation.

• Case InstZero: In this rule, $\Delta$ is the same as $\Gamma$ except for a solution $\mathsf{zero}$, which doesn't violate separation.

• Case InstSucc: The result follows by i.h., taking care to keep the declaration $\hat\alpha_1 : \mathbb{N}$ on the right when applying the i.h., even if $\hat\alpha : \mathbb{N}$ is the leftmost declaration in $\Gamma_R$, ensuring that $\mathsf{succ}(\hat\alpha_1)$ does not violate separation.

• Case InstBin: As in the InstSucc case, the new declarations should be kept on the right-hand side of the separator. Otherwise the case is straightforward (using the i.h. twice and transitivity).

Part (vi), propequivjudg: Similar to the CheckeqBin case of part (i), using the i.h. (i).

Part (vii), equivjudg:

• Cases ≡Var, ≡Exvar, ≡Unit: Immediate ($\Delta_L = \Gamma_L$ and $\Delta_R = \Gamma_R$).

• Case ≡⊕: Similar to the case CheckeqBin in part (i).

• Case ≡Vec: Similar to the case CheckeqBin in part (i).

• Cases ≡∀, ≡∃: Similar to the case CheckeqBin in part (i).

• Cases ≡⊃, ≡∧: Similar to the case CheckeqBin in part (i), using the i.h. (vi).

• Cases ≡InstantiateL, ≡InstantiateR: Use the i.h. (v). □


Lemma 71 (Separation for Subtyping). If $\Gamma_L \ast \Gamma_R \vdash A <:^{\pm} B \dashv \Delta$
and $\mathrm{FEV}(A) \subseteq \mathrm{dom}(\Gamma_R)$
and $\mathrm{FEV}(B) \subseteq \mathrm{dom}(\Gamma_R)$
then $\Delta = (\Delta_L \ast \Delta_R)$ and $(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_R)$.

Proof. By induction on the given derivation. In the <:Equiv case, use Lemma 70 (Separation for Auxiliary Judgments) (vii). Otherwise, the reasoning needed follows that used in the proof of Lemma 72 (Separation — Main). □


Lemma 72 (Separation — Main).

(Spines) If $\Gamma_L \ast \Gamma_R \vdash s : A\ p \gg C\ q \dashv \Delta$
or $\Gamma_L \ast \Gamma_R \vdash s : A\ p \gg C\ \lceil q \rceil \dashv \Delta$
and $\Gamma_L \ast \Gamma_R \vdash A\ p\ \mathit{type}$
and $\mathrm{FEV}(A) \subseteq \mathrm{dom}(\Gamma_R)$
then $\Delta = (\Delta_L \ast \Delta_R)$ and $(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_R)$ and $\mathrm{FEV}(C) \subseteq \mathrm{dom}(\Delta_R)$.

(Checking) If $\Gamma_L \ast \Gamma_R \vdash e \Leftarrow C\ p \dashv \Delta$
and $\Gamma_L \ast \Gamma_R \vdash C\ p\ \mathit{type}$
and $\mathrm{FEV}(C) \subseteq \mathrm{dom}(\Gamma_R)$
then $\Delta = (\Delta_L \ast \Delta_R)$ and $(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_R)$.

(Synthesis) If $\Gamma_L \ast \Gamma_R \vdash e \Rightarrow A\ p \dashv \Delta$
then $\Delta = (\Delta_L \ast \Delta_R)$ and $(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_R)$.

(Match) If $\Gamma_L \ast \Gamma_R \vdash \Pi :: \vec{A} \Leftarrow C\ p \dashv \Delta$
and $\mathrm{FEV}(\vec{A}) = \emptyset$
and $\mathrm{FEV}(C) \subseteq \mathrm{dom}(\Gamma_R)$
then $\Delta = (\Delta_L \ast \Delta_R)$ and $(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_R)$.

(Match Elim.) If $\Gamma_L \ast \Gamma_R \mathrel{/} P \vdash \Pi :: \vec{A} \Leftarrow C\ p \dashv \Delta$
and $\mathrm{FEV}(P) = \emptyset$
and $\mathrm{FEV}(\vec{A}) = \emptyset$
and $\mathrm{FEV}(C) \subseteq \mathrm{dom}(\Gamma_R)$
then $\Delta = (\Delta_L \ast \Delta_R)$ and $(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_R)$.

Proof. By induction on the given derivation.

First, the (Match) judgment part, giving only the cases that motivate the side conditions:

• Case MatchBase: Here we use the i.h. (Checking), for which we need $\mathrm{FEV}(C) \subseteq \mathrm{dom}(\Gamma_R)$.

• Case Match∧: Here we use the i.h. (Match Elim.), which requires that $\mathrm{FEV}(P) = \emptyset$, which motivates $\mathrm{FEV}(\vec{A}) = \emptyset$.

• Case MatchNeg: In its premise, this rule appends a type $A \in \vec{A}$ to $\Gamma_R$ and claims it is principal ($z : A\ !$), which motivates $\mathrm{FEV}(\vec{A}) = \emptyset$.

Similarly, (Match Elim.):

• Case MatchUnify: Here we use Lemma 70 (Separation for Auxiliary Judgments) (iii), for which we need $\mathrm{FEV}(\sigma) \cup \mathrm{FEV}(\tau) = \emptyset$, which motivates $\mathrm{FEV}(P) = \emptyset$.

Now, we show the cases for the (Spine), (Checking), and (Synthesis) parts.

• Cases Var, 1I, ⊃I⊥: In all of these rules, the output context is the same as the input context, so just let $\Delta_L = \Gamma_L$ and $\Delta_R = \Gamma_R$.


• Case EmptySpine:
$$\dfrac{}{\Gamma_L \ast \Gamma_R \vdash \cdot : A\ p \gg A\ p \dashv \Gamma_L \ast \Gamma_R}$$

Let $\Delta_L = \Gamma_L$ and $\Delta_R = \Gamma_R$.

We have $\mathrm{FEV}(A) \subseteq \mathrm{dom}(\Gamma_R)$. Since $\Delta_R = \Gamma_R$ and $C = A$, it is immediate that $\mathrm{FEV}(C) \subseteq \mathrm{dom}(\Delta_R)$.


• Case Sub:
$$\dfrac{\Gamma_L \ast \Gamma_R \vdash e \Rightarrow A\ q \dashv \Theta \qquad \Theta \vdash A <:^{\pm} B \dashv \Delta}{\Gamma_L \ast \Gamma_R \vdash e \Leftarrow B\ p \dashv \Delta}$$

By i.h., $\Theta = (\Theta_L \ast \Theta_R)$ and $(\Gamma_L \ast \Gamma_R) \leadsto (\Theta_L \ast \Theta_R)$.

By Lemma 71 (Separation for Subtyping), $\Delta = (\Delta_L \ast \Delta_R)$ and $(\Theta_L \ast \Theta_R) \leadsto (\Delta_L \ast \Delta_R)$.
By Lemma 68 (Transitivity of Separation), $(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_R)$.


• Case Anno:
$$\dfrac{\Gamma \vdash A\ !\ \mathit{type} \qquad \Gamma \vdash e \Leftarrow [\Gamma]A\ ! \dashv \Delta}{\Gamma \vdash (e : A) \Rightarrow [\Delta]A\ ! \dashv \Delta}$$

By i.h.; since $\mathrm{FEV}(A) = \emptyset$, the condition on the (Checking) part is trivial.

• Case 1Iα̂:
$$\dfrac{}{\Gamma[\hat\alpha : \star] \vdash () \Leftarrow \hat\alpha \dashv \Gamma[\hat\alpha : \star = 1]}$$

Adding a solution with a ground type cannot destroy separation.


• Case ∀I:
$$\dfrac{\Gamma_L, \Gamma_R, \alpha : \kappa \vdash v \Leftarrow A_0\ p \dashv \Delta, \alpha : \kappa, \Theta}{\Gamma_L, \Gamma_R \vdash v \Leftarrow \forall\alpha : \kappa.\, A_0\ p \dashv \Delta}$$

$\mathrm{FEV}(\forall\alpha : \kappa.\, A_0) \subseteq \mathrm{dom}(\Gamma_R)$    Given
$\mathrm{FEV}(A_0) \subseteq \mathrm{dom}(\Gamma_R, \alpha : \kappa)$    From definition of FEV
$(\Delta, \alpha : \kappa, \Theta) = (\Delta_L \ast \Delta'_R)$    By i.h.
$(\Gamma_L \ast (\Gamma_R, \alpha : \kappa)) \leadsto (\Delta_L \ast \Delta'_R)$    ″
☞ $(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_R)$    By Lemma 69 (Separation Truncation)
$\Delta'_R = (\Delta_R, \alpha : \kappa, \Theta)$    ″
$(\Delta, \alpha : \kappa, \Theta) = (\Delta_L \ast \Delta'_R)$    Above
$\phantom{(\Delta, \alpha : \kappa, \Theta)} = (\Delta_L, \Delta'_R)$    Definition of $\ast$
$\phantom{(\Delta, \alpha : \kappa, \Theta)} = (\Delta_L, \Delta_R, \alpha : \kappa, \Theta)$    By above equation
☞ $\Delta = (\Delta_L, \Delta_R)$    $\alpha$ not multiply declared


• Case ∀Spine:
$$\dfrac{\Gamma_L, \Gamma_R, \hat\alpha : \kappa \vdash e\, s : [\hat\alpha/\alpha]A_0 \gg C\ q \dashv \Delta}{\Gamma_L, \Gamma_R \vdash e\, s : \forall\alpha : \kappa.\, A_0\ p \gg C\ q \dashv \Delta}$$

$\mathrm{FEV}(\forall\alpha : \kappa.\, A_0) \subseteq \mathrm{dom}(\Gamma_R)$    Given
$\mathrm{FEV}([\hat\alpha/\alpha]A_0) \subseteq \mathrm{dom}(\Gamma_R, \hat\alpha : \kappa)$    From definition of FEV
$\Delta = (\Delta_L \ast \Delta_R)$    By i.h.
$(\Gamma_L \ast (\Gamma_R, \hat\alpha : \kappa)) \leadsto (\Delta_L \ast \Delta_R)$    ″
$\mathrm{FEV}(C) \subseteq \mathrm{dom}(\Delta_R)$    ″
$\mathrm{dom}(\Gamma_L) \subseteq \mathrm{dom}(\Delta_L)$    By Definition 5
$\mathrm{dom}(\Gamma_R, \hat\alpha : \kappa) \subseteq \mathrm{dom}(\Delta_R)$    By Definition 5
$\mathrm{dom}(\Gamma_R) \cup \{\hat\alpha\} \subseteq \mathrm{dom}(\Delta_R)$    By definition of $\mathrm{dom}(-)$
$\mathrm{dom}(\Gamma_R) \subseteq \mathrm{dom}(\Delta_R)$    Property of $\subseteq$
$(\Gamma_L, \Gamma_R) \longrightarrow (\Delta_L, \Delta_R)$    By Lemma 51 (Typing Extension)
$(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_R)$    By Definition 5

• Case ∧I:
$$\dfrac{e \text{ not a case} \qquad \Gamma_L \ast \Gamma_R \vdash P\ \mathsf{true} \dashv \Theta \qquad \Theta \vdash e \Leftarrow [\Theta]A_0\ p \dashv \Delta}{\Gamma_L \ast \Gamma_R \vdash e \Leftarrow (A_0 \wedge P)\ p \dashv \Delta}$$

$\Gamma_L \ast \Gamma_R \vdash (A_0 \wedge P)\ p\ \mathit{type}$    Given
$\Gamma_L \ast \Gamma_R \vdash P\ \mathit{prop}$    By inversion
$\Gamma_L \ast \Gamma_R \vdash A_0\ p\ \mathit{type}$    By inversion
$\mathrm{FEV}(A_0 \wedge P) \subseteq \mathrm{dom}(\Gamma_R)$    Given
$\mathrm{FEV}(P) \subseteq \mathrm{dom}(\Gamma_R)$    By def. of FEV
$\mathrm{FEV}(A_0) \subseteq \mathrm{dom}(\Gamma_R)$    ″
$\Theta = (\Theta_L \ast \Theta_R)$    By Lemma 70 (Separation for Auxiliary Judgments) (i)
$(\Gamma_L \ast \Gamma_R) \leadsto (\Theta_L \ast \Theta_R)$    ″

$\mathrm{FEV}(A_0) \subseteq \mathrm{dom}(\Gamma_R)$    Above
$\mathrm{dom}(\Gamma_R) \subseteq \mathrm{dom}(\Theta_R)$    By Definition 5
$\mathrm{FEV}(A_0) \subseteq \mathrm{dom}(\Theta_R)$    By previous line
$\mathrm{FEV}([\Theta]A_0) \subseteq \mathrm{dom}(\Theta_R)$    Previous line and $(\Gamma_L \ast \Gamma_R) \leadsto (\Theta_L \ast \Theta_R)$

$\Gamma_L \ast \Gamma_R \vdash (A_0 \wedge P)\ p\ \mathit{type}$    Given
$\Gamma_L \ast \Gamma_R \vdash A_0\ p\ \mathit{type}$    By inversion
$\Theta \vdash A_0\ p\ \mathit{type}$    By Lemma 41 (Extension Weakening for Principal Typing)
$\Theta \vdash [\Theta]A_0\ p\ \mathit{type}$    By Lemma 13 (Right-Hand Substitution for Typing)
$\Delta = (\Delta_L \ast \Delta_R)$    By i.h.
$(\Theta_L \ast \Theta_R) \leadsto (\Delta_L \ast \Delta_R)$    ″
$(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_R)$    By Lemma 68 (Transitivity of Separation)


• Case Nil: Similar to a section of the ∧I case.

• Case Cons: Similar to the ∧I case, with an extra use of the i.h. for the additional second premise.


• Case ⊃I:
$$\dfrac{\Gamma_L \ast (\Gamma_R, \blacktriangleright_P) \mathrel{/} P \dashv \Theta \qquad \Theta \vdash v \Leftarrow [\Theta]A_0\ ! \dashv \Delta, \blacktriangleright_P, \Delta'}{\Gamma_L \ast \Gamma_R \vdash v \Leftarrow P \supset A_0\ ! \dashv \Delta}$$

$\Gamma_L \ast \Gamma_R \vdash (P \supset A_0)\ !\ \mathit{type}$    Given
$\Gamma_L \ast \Gamma_R \vdash P\ \mathit{prop}$    By inversion
$\mathrm{FEV}(P \supset A_0) = \emptyset$    ″
$\mathrm{FEV}(P) = \emptyset$    By def. of FEV

$\Gamma_L \ast (\Gamma_R, \blacktriangleright_P) \mathrel{/} P \dashv \Theta$    Subderivation
$\Theta = (\Theta_L \ast (\Theta_R, \Theta_Z))$    By Lemma 70 (Separation for Auxiliary Judgments) (iv)
$(\Gamma_L \ast (\Gamma_R, \blacktriangleright_P, \Theta_Z)) \leadsto (\Theta_L \ast (\Theta_R, \Theta_Z))$    ″

$\Gamma_L \ast \Gamma_R \vdash (P \supset A_0)\ !\ \mathit{type}$    Given
$\Gamma_L, \Gamma_R \vdash A_0\ !\ \mathit{type}$    By Lemma 42 (Inversion of Principal Typing) (2)
$\Gamma_L, \Gamma_R, \blacktriangleright_P, \Theta_Z \vdash A_0\ !\ \mathit{type}$    By Lemma 35 (Suffix Weakening)
$\Theta \vdash [\Theta]A_0\ !\ \mathit{type}$    By Lemmas 41 and 40
$\mathrm{FEV}(A_0) = \emptyset$    Above and def. of FEV
$\mathrm{FEV}(A_0) \subseteq \mathrm{dom}(\Theta_R, \Theta_Z)$    Immediate
$(\Delta, \blacktriangleright_P, \Delta') = (\Delta_L \ast \Delta'_R)$    By i.h.
$(\Theta_L \ast (\Theta_R, \Theta_Z)) \leadsto (\Delta_L \ast \Delta'_R)$    ″

$(\Gamma_L \ast (\Gamma_R, \blacktriangleright_P)) \leadsto (\Delta_L \ast \Delta'_R)$    By Lemma 68 (Transitivity of Separation)
$(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_R)$    By Lemma 69 (Separation Truncation)
$\Delta'_R = (\Delta_R, \blacktriangleright_P, \ldots)$    ″
$\Delta = (\Delta_L, \Delta_R)$    Similar to the ∀I case


• Case ⊃Spine:
$$\dfrac{\Gamma_L \ast \Gamma_R \vdash P\ \mathsf{true} \dashv \Theta \qquad \Theta \vdash e\, s : [\Theta]A_0\ p \gg C\ q \dashv \Delta}{\Gamma_L \ast \Gamma_R \vdash e\, s : P \supset A_0\ p \gg C\ q \dashv \Delta}$$

$\Gamma_L \ast \Gamma_R \vdash (P \supset A_0)\ p\ \mathit{type}$    Given
$\Gamma_L \ast \Gamma_R \vdash P\ \mathit{prop}$    By inversion
$\Gamma_L, \Gamma_R \vdash P\ \mathsf{true} \dashv \Theta$    Subderivation
$\Theta = (\Theta_L \ast \Theta_R)$    By Lemma 70 (Separation for Auxiliary Judgments) (i)
$(\Gamma_L \ast \Gamma_R) \leadsto (\Theta_L \ast \Theta_R)$    ″
$\Theta \vdash e\, s : [\Theta]A_0\ p \gg C\ q \dashv \Delta$    Subderivation
$(\Delta, \blacktriangleright_P, \Delta') = (\Delta_L \ast \Delta'_R)$    By i.h.
$(\Theta_L \ast \Theta_R) \leadsto (\Delta_L \ast \Delta_R)$    ″
$\mathrm{FEV}(C) \subseteq \mathrm{dom}(\Delta_R)$    ″
☞ $(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_R)$    By Lemma 68 (Transitivity of Separation)


• Case Rec:
$$\dfrac{\Gamma_L, \Gamma_R, x : C\ p \vdash v \Leftarrow C\ p \dashv \Delta, x : C\ p, \Theta}{\Gamma_L, \Gamma_R \vdash \mathsf{rec}\ x.\, v \Leftarrow C\ p \dashv \Delta}$$

$\Gamma_L \ast \Gamma_R \vdash C\ p\ \mathit{type}$    Given
$\mathrm{FEV}(C) \subseteq \mathrm{dom}(\Gamma_R)$    Given
$\Gamma_L \ast (\Gamma_R, x : C\ p) \vdash C\ p\ \mathit{type}$    By weakening and Definition 4
$\Gamma_L, \Gamma_R, x : C\ p \vdash v \Leftarrow C\ p \dashv \Delta, x : C\ p, \Theta$    Subderivation
$(\Delta, x : C\ p, \Theta) = (\Delta_L, \Delta'_R)$    By i.h.
$(\Gamma_L \ast (\Gamma_R, x : C\ p)) \leadsto (\Delta_L \ast \Delta'_R)$    ″
$(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_R)$    By Lemma 69 (Separation Truncation)
$\Delta'_R = (\Delta_R, x : C\ p, \ldots)$    ″
$\Delta = (\Delta_L, \Delta_R)$    Similar to the ∀I case


• Case →I:
$$\dfrac{\Gamma_L, \Gamma_R, x : A\ p \vdash e \Leftarrow B\ p \dashv \Delta, x : A\ p, \Theta}{\Gamma_L, \Gamma_R \vdash \lambda x.\, e \Leftarrow A \to B\ p \dashv \Delta}$$

$\Gamma_L \ast \Gamma_R \vdash (A \to B)\ p\ \mathit{type}$    Given
$\Gamma_L \ast \Gamma_R \vdash B\ p\ \mathit{type}$    By inversion
$\mathrm{FEV}(A \to B) \subseteq \mathrm{dom}(\Gamma_R)$    Given
$\mathrm{FEV}(A) \subseteq \mathrm{dom}(\Gamma_R)$    By def. of FEV
$\Gamma_L \ast (\Gamma_R, x : A\ p) \vdash B\ p\ \mathit{type}$    By weakening and Definition 4
$\Gamma_L, \Gamma_R, x : A\ p \vdash e \Leftarrow B\ p \dashv \Delta, x : A\ p, \Theta$    Subderivation
$(\Delta, x : A\ p, \Theta) = (\Delta_L, \Delta'_R)$    By i.h.
$(\Gamma_L \ast (\Gamma_R, x : A\ p)) \leadsto (\Delta_L \ast \Delta'_R)$    ″
$(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_R)$    By Lemma 69 (Separation Truncation)
$\Delta'_R = (\Delta_R, x : A\ p, \ldots)$    ″
$\Delta = (\Delta_L, \Delta_R)$    Similar to the ∀I case


• Case →Iα̂:
$$\dfrac{\Gamma_0[\hat\alpha_1 : \star, \hat\alpha_2 : \star, \hat\alpha : \star = \hat\alpha_1 \to \hat\alpha_2], x : \hat\alpha_1 \vdash e_0 \Leftarrow \hat\alpha_2 \dashv \Delta, x : \hat\alpha_1, \Delta'}{\underbrace{\Gamma_0[\hat\alpha : \star]}_{\Gamma_L \ast \Gamma_R} \vdash \lambda x.\, e_0 \Leftarrow \hat\alpha \dashv \Delta}$$

We have $(\Gamma_L \ast \Gamma_R) = \Gamma_0[\hat\alpha : \star]$. We also have $\mathrm{FEV}(\hat\alpha) \subseteq \mathrm{dom}(\Gamma_R)$. Therefore $\hat\alpha \in \mathrm{dom}(\Gamma_R)$ and

$$\Gamma_0[\hat\alpha : \star] = \Gamma_L, \Gamma_2, \hat\alpha : \star, \Gamma_3$$

where $\Gamma_R = (\Gamma_2, \hat\alpha : \star, \Gamma_3)$.

Then the input context in the premise has the following form:

$$\Gamma_0[\hat\alpha_1 : \star, \hat\alpha_2 : \star, \hat\alpha : \star = \hat\alpha_1 \to \hat\alpha_2], x : \hat\alpha_1 = \Gamma_L, \Gamma_2, \hat\alpha_1 : \star, \hat\alpha_2 : \star, \hat\alpha : \star = \hat\alpha_1 \to \hat\alpha_2, \Gamma_3, x : \hat\alpha_1$$

Let us separate this context at the same point as $\Gamma_0[\hat\alpha : \star]$, that is, after $\Gamma_L$ and before $\Gamma_2$, and call the resulting right-hand context $\Gamma'_R$. That is,

$$\Gamma_0[\hat\alpha_1 : \star, \hat\alpha_2 : \star, \hat\alpha : \star = \hat\alpha_1 \to \hat\alpha_2], x : \hat\alpha_1 = \Gamma_L \ast \underbrace{(\Gamma_2, \hat\alpha_1 : \star, \hat\alpha_2 : \star, \hat\alpha : \star = \hat\alpha_1 \to \hat\alpha_2, \Gamma_3, x : \hat\alpha_1)}_{\Gamma'_R}$$

$\mathrm{FEV}(\hat\alpha) \subseteq \mathrm{dom}(\Gamma_R)$    Given
$\Gamma_L \ast \Gamma'_R \vdash e_0 \Leftarrow \hat\alpha_2 \dashv \Delta, x : \hat\alpha_1, \Delta'$    Subderivation
$\Gamma_L \ast \Gamma'_R \vdash \hat\alpha_2\ \not p\ \mathit{type}$    $\hat\alpha_2 \in \mathrm{dom}(\Gamma'_R)$
$\mathrm{FEV}(\hat\alpha_2) \subseteq \mathrm{dom}(\Gamma'_R)$    $\hat\alpha_2 \in \mathrm{dom}(\Gamma'_R)$
$(\Delta, x : \hat\alpha_1, \Delta') = (\Delta_L, \Delta'_R)$    By i.h.
$(\Gamma_L \ast \Gamma'_R) \leadsto (\Delta_L \ast \Delta'_R)$    ″
$\Delta = (\Delta_L, \Delta_R)$    Similar to the ∀I case
☞ $(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_R)$    ″


• Case →E:
$$\dfrac{\Gamma \vdash e \Rightarrow A\ p \dashv \Theta \qquad \Theta \vdash s : [\Theta]A\ p \gg C\ \lceil q \rceil \dashv \Delta}{\Gamma \vdash e\, s \Rightarrow C\ q \dashv \Delta}$$

Use the i.h. and Lemma 68 (Transitivity of Separation), with Lemma 89 (Well-formedness of Algorithmic Typing) and Lemma 13 (Right-Hand Substitution for Typing).

• Case SpineRecover:
$$\dfrac{\Gamma \vdash s : A\ ! \gg C\ \not p \dashv \Delta \qquad \mathrm{FEV}([\Delta]C) = \emptyset}{\Gamma \vdash s : A\ ! \gg C\ \lceil ! \rceil \dashv \Delta}$$

Use the i.h.

• Case SpinePass:
$$\dfrac{\Gamma \vdash s : A\ p \gg C\ q \dashv \Delta \qquad ((p = \not p) \text{ or } (q = !) \text{ or } (\mathrm{FEV}([\Delta]C) \neq \emptyset))}{\Gamma \vdash s : A\ p \gg C\ \lceil q \rceil \dashv \Delta}$$

Use the i.h.
• Case →Spine (first premise $\Gamma_L \ast \Gamma_R \vdash e \Leftarrow A_1\ p \dashv \Theta$):

$\Gamma \vdash (A_1 \to A_2)\ p\ \mathit{type}$    Given
$\Gamma \vdash A_1\ p\ \mathit{type}$    By inversion
$\mathrm{FEV}(A_1 \to A_2) \subseteq \mathrm{dom}(\Gamma_R)$    Given
$\mathrm{FEV}(A_1) \subseteq \mathrm{dom}(\Gamma_R)$    By def. of FEV
$\Theta = (\Theta_L, \Theta_R)$    By i.h.
$(\Gamma_L \ast \Gamma_R) \leadsto (\Theta_L \ast \Theta_R)$    ″
$\Gamma \vdash A_2\ \mathit{type}$    By inversion
$\Gamma \vdash [\Theta]A_2\ \mathit{type}$    By Lemma 13 (Right-Hand Substitution for Typing)
$\mathrm{FEV}(A_2) \subseteq \mathrm{dom}(\Gamma_R)$    By def. of FEV
☞ $\Delta = (\Delta_L, \Delta_R)$    By i.h.
$(\Theta_L \ast \Theta_R) \leadsto (\Delta_L \ast \Delta_R)$    ″
☞ $\mathrm{FEV}(C) \subseteq \mathrm{dom}(\Delta_R)$    ″
☞ $(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_R)$    By Lemma 68 (Transitivity of Separation)

• Case +Iₖ:
$$\dfrac{\Gamma \vdash e \Leftarrow A_k\ p \dashv \Delta}{\Gamma \vdash \mathsf{inj}_k\, e \Leftarrow A_1 + A_2\ p \dashv \Delta}$$

Use the i.h. (inverting $\Gamma \vdash (A_1 + A_2)\ p\ \mathit{type}$).


• Case ×I:
$$\dfrac{\Gamma \vdash e_1 \Leftarrow A_1\ p \dashv \Theta \qquad \Theta \vdash e_2 \Leftarrow [\Theta]A_2\ p \dashv \Delta}{\Gamma \vdash (e_1, e_2) \Leftarrow A_1 \times A_2\ p \dashv \Delta}$$

$\Gamma \vdash (A_1 \times A_2)\ p\ \mathit{type}$    Given
$\Gamma \vdash A_1\ p\ \mathit{type}$    By inversion
$\Gamma \vdash e_1 \Leftarrow A_1\ p \dashv \Theta$    Subderivation
$\Theta = (\Theta_L, \Theta_R)$    By i.h.
$(\Gamma_L \ast \Gamma_R) \leadsto (\Theta_L \ast \Theta_R)$    ″

$\Gamma \vdash A_2\ \mathit{type}$    By inversion
$\Gamma \longrightarrow \Theta$    By Lemma 51 (Typing Extension)
$\Theta \vdash A_2\ \mathit{type}$    By Lemma 36 (Extension Weakening (Sorts))
$\Theta \vdash [\Theta]A_2\ \mathit{type}$    By Lemma 13 (Right-Hand Substitution for Typing)
$\Theta \vdash e_2 \Leftarrow [\Theta]A_2\ p \dashv \Delta$    Subderivation

$\Delta = (\Delta_L, \Delta_R)$    By i.h.
$(\Theta_L \ast \Theta_R) \leadsto (\Delta_L \ast \Delta_R)$    ″
☞ $(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_R)$    By Lemma 68 (Transitivity of Separation)
• Case ×Iα̂:
$$\dfrac{\Gamma_0[\hat\alpha_1 : \star, \hat\alpha_2 : \star, \hat\alpha : \star = \hat\alpha_1 \times \hat\alpha_2] \vdash e_1 \Leftarrow \hat\alpha_1 \dashv \Theta \qquad \Theta \vdash e_2 \Leftarrow [\Theta]\hat\alpha_2 \dashv \Delta}{\Gamma_0[\hat\alpha : \star] \vdash (e_1, e_2) \Leftarrow \hat\alpha \dashv \Delta}$$

We have $(\Gamma_L \ast \Gamma_R) = \Gamma_0[\hat\alpha : \star]$. We also have $\mathrm{FEV}(\hat\alpha) \subseteq \mathrm{dom}(\Gamma_R)$. Therefore $\hat\alpha \in \mathrm{dom}(\Gamma_R)$ and

$$\Gamma_0[\hat\alpha : \star] = \Gamma_L, \Gamma_2, \hat\alpha : \star, \Gamma_3$$

where $\Gamma_R = (\Gamma_2, \hat\alpha : \star, \Gamma_3)$.

Then the input context in the premise has the following form:

$$\Gamma_0[\hat\alpha_1 : \star, \hat\alpha_2 : \star, \hat\alpha : \star = \hat\alpha_1 \times \hat\alpha_2] = (\Gamma_L, \Gamma_2, \hat\alpha_1 : \star, \hat\alpha_2 : \star, \hat\alpha : \star = \hat\alpha_1 \times \hat\alpha_2, \Gamma_3)$$

Let us separate this context at the same point as $\Gamma_0[\hat\alpha : \star]$, that is, after $\Gamma_L$ and before $\Gamma_2$, and call the resulting right-hand context $\Gamma'_R$:

$$\Gamma_0[\hat\alpha_1 : \star, \hat\alpha_2 : \star, \hat\alpha : \star = \hat\alpha_1 \times \hat\alpha_2] = \Gamma_L \ast \underbrace{(\Gamma_2, \hat\alpha_1 : \star, \hat\alpha_2 : \star, \hat\alpha : \star = \hat\alpha_1 \times \hat\alpha_2, \Gamma_3)}_{\Gamma'_R}$$

$\mathrm{FEV}(\hat\alpha) \subseteq \mathrm{dom}(\Gamma_R)$    Given
$\Gamma_L \ast \Gamma'_R \vdash e_1 \Leftarrow \hat\alpha_1 \dashv \Theta$    Subderivation
$\mathrm{FEV}(\hat\alpha_2) \subseteq \mathrm{dom}(\Gamma'_R)$    $\hat\alpha_2 \in \mathrm{dom}(\Gamma'_R)$
$\Theta = (\Theta_L, \Theta_R)$    By i.h.
$(\Gamma_L \ast \Gamma'_R) \leadsto (\Theta_L \ast \Theta_R)$    ″
$\Theta \vdash e_2 \Leftarrow [\Theta]\hat\alpha_2 \dashv \Delta$    Subderivation
$\mathrm{dom}(\Gamma'_R) \subseteq \mathrm{dom}(\Theta_R)$    By Definition 5
$\mathrm{FEV}(\hat\alpha_2) \subseteq \mathrm{dom}(\Theta_R)$    By above $\subseteq$
$\mathrm{FEV}([\Theta_R]\hat\alpha_2) \subseteq \mathrm{dom}(\Theta_R)$    By Definition 4
$\Delta = (\Delta_L, \Delta_R)$    By i.h.
$(\Theta_L \ast \Theta_R) \leadsto (\Delta_L \ast \Delta_R)$    ″
$\Gamma_R = (\Gamma_2, \hat\alpha : \star, \Gamma_3)$    Above
$\Gamma'_R = (\Gamma_2, \hat\alpha_1 : \star, \hat\alpha_2 : \star, \hat\alpha : \star = \hat\alpha_1 \times \hat\alpha_2, \Gamma_3)$    Above

By Lemma 23 (Deep Evar Introduction) (i), (i), (ii) and the definition of separation, we can show

$$(\Gamma_L \ast (\Gamma_2, \hat\alpha : \star, \Gamma_3)) \leadsto (\Gamma_L \ast (\Gamma_2, \hat\alpha_1 : \star, \hat\alpha_2 : \star, \hat\alpha : \star = \hat\alpha_1 \times \hat\alpha_2, \Gamma_3))$$

$(\Gamma_L \ast \Gamma_R) \leadsto (\Gamma_L \ast \Gamma'_R)$    By above equalities
☞ $(\Gamma_L \ast \Gamma_R) \leadsto (\Delta_L \ast \Delta_R)$    By Lemma 68 (Transitivity of Separation) twice


• Case +Iα̂ₖ:
$$\dfrac{\Gamma[\hat\alpha_1 : \star, \hat\alpha_2 : \star, \hat\alpha : \star = \hat\alpha_1 + \hat\alpha_2] \vdash e \Leftarrow \hat\alpha_k \dashv \Delta}{\Gamma[\hat\alpha : \star] \vdash \mathsf{inj}_k\, e \Leftarrow \hat\alpha \dashv \Delta}$$

Similar to the ×Iα̂ case, but simpler.

• Case α̂Spine:
$$\dfrac{\Gamma[\hat\alpha_2 : \star, \hat\alpha_1 : \star, \hat\alpha : \star = \hat\alpha_1 \to \hat\alpha_2] \vdash e\, s_0 : (\hat\alpha_1 \to \hat\alpha_2) \gg C \dashv \Delta}{\Gamma[\hat\alpha : \star] \vdash e\, s_0 : \hat\alpha \gg C \dashv \Delta}$$

Similar to the ×Iα̂ and +Iα̂ₖ cases, except that (because we're in the spine part of the lemma) we have to show that $\mathrm{FEV}(C) \subseteq \mathrm{dom}(\Delta_R)$. But we have the same $C$ in the premise and conclusion, so we get that by applying the i.h.

• Case Case:
$$\dfrac{\Gamma \vdash e \Rightarrow A\ ! \dashv \Theta \qquad \Theta \vdash \Pi :: A \Leftarrow [\Theta]C\ p \dashv \Delta \qquad \Delta \vdash \Pi\ \mathsf{covers}\ [\Delta]A}{\Gamma \vdash \mathsf{case}(e, \Pi) \Leftarrow C\ p \dashv \Delta}$$

Use the i.h. and Lemma 68 (Transitivity of Separation). □
I′ Decidability of Algorithmic Subtyping

I′.1 Lemmas for Decidability of Subtyping

Lemma 73 (Substitution Isn't Large).

For all contexts $\Theta$, we have $\#\mathrm{large}([\Theta]A) = \#\mathrm{large}(A)$.

Proof. By induction on $A$, following the definition of substitution. □

Lemma 74 (Instantiation Solves).

If $\Gamma \vdash \hat\alpha := \tau : \kappa \dashv \Delta$ and $[\Gamma]\tau = \tau$ and $\hat\alpha \notin \mathrm{FV}([\Gamma]\tau)$ then $|\mathrm{unsolved}(\Gamma)| = |\mathrm{unsolved}(\Delta)| + 1$.

Proof. By induction on the given derivation.

• Case InstSolve:
$$\dfrac{\Gamma_L \vdash \tau : \kappa}{\Gamma_L, \hat\alpha : \kappa, \Gamma_R \vdash \hat\alpha := \tau : \kappa \dashv \Gamma_L, \hat\alpha : \kappa = \tau, \Gamma_R}$$

It is evident that $|\mathrm{unsolved}(\Gamma_L, \hat\alpha : \kappa, \Gamma_R)| = |\mathrm{unsolved}(\Gamma_L, \hat\alpha : \kappa = \tau, \Gamma_R)| + 1$.

• Case InstReach:
$$\dfrac{\hat\beta \in \mathrm{unsolved}(\Gamma[\hat\alpha : \kappa][\hat\beta : \kappa])}{\Gamma[\hat\alpha : \kappa][\hat\beta : \kappa] \vdash \hat\alpha := \hat\beta : \kappa \dashv \Gamma[\hat\alpha : \kappa][\hat\beta : \kappa = \hat\alpha]}$$

Similar to the previous case.

• Case InstBin:
$$\dfrac{\Gamma_0[\hat\alpha_2 : \star, \hat\alpha_1 : \star, \hat\alpha : \star = \hat\alpha_1 \oplus \hat\alpha_2] \vdash \hat\alpha_1 := \tau_1 : \star \dashv \Theta \qquad \Theta \vdash \hat\alpha_2 := [\Theta]\tau_2 : \star \dashv \Delta}{\Gamma_0[\hat\alpha : \star] \vdash \hat\alpha := \tau_1 \oplus \tau_2 : \star \dashv \Delta}$$

$|\mathrm{unsolved}(\Gamma_0[\hat\alpha_2 : \star, \hat\alpha_1 : \star, \hat\alpha = \hat\alpha_1 \oplus \hat\alpha_2])| = |\mathrm{unsolved}(\Gamma_0[\hat\alpha])| + 1$    Immediate
$|\mathrm{unsolved}(\Gamma_0[\hat\alpha_2 : \star, \hat\alpha_1 : \star, \hat\alpha = \hat\alpha_1 \oplus \hat\alpha_2])| = |\mathrm{unsolved}(\Theta)| + 1$    By i.h.
$|\mathrm{unsolved}(\Gamma)| = |\mathrm{unsolved}(\Theta)|$    Subtracting 1
☞ $\phantom{|\mathrm{unsolved}(\Gamma)|} = |\mathrm{unsolved}(\Delta)| + 1$    By i.h.

• Case InstZero:
$$\dfrac{}{\Gamma[\hat\alpha : \mathbb{N}] \vdash \hat\alpha := \mathsf{zero} : \mathbb{N} \dashv \Gamma[\hat\alpha : \mathbb{N} = \mathsf{zero}]}$$

Similar to the InstSolve case.

• Case InstSucc:
$$\dfrac{\Gamma_0[\hat\alpha_1 : \mathbb{N}, \hat\alpha : \mathbb{N} = \mathsf{succ}(\hat\alpha_1)] \vdash \hat\alpha_1 := t_1 : \mathbb{N} \dashv \Delta}{\Gamma_0[\hat\alpha : \mathbb{N}] \vdash \hat\alpha := \mathsf{succ}(t_1) : \mathbb{N} \dashv \Delta}$$

$|\mathrm{unsolved}(\Delta)| + 1 = |\mathrm{unsolved}(\Gamma_0[\hat\alpha_1 : \mathbb{N}, \hat\alpha : \mathbb{N} = \mathsf{succ}(\hat\alpha_1)])|$    By i.h.
☞ $\phantom{|\mathrm{unsolved}(\Delta)| + 1} = |\mathrm{unsolved}(\Gamma_0[\hat\alpha : \mathbb{N}])|$    By definition of $\mathrm{unsolved}(-)$ □

Lemma 75 (Checkeq Solving). If $\Gamma \vdash \sigma \doteq \tau : \kappa \dashv \Delta$ then either $\Delta = \Gamma$ or $|\mathrm{unsolved}(\Delta)| < |\mathrm{unsolved}(\Gamma)|$.

Proof. By induction on the given derivation.

• Case CheckeqVar:
$$\dfrac{}{\Gamma \vdash u \doteq u : \kappa \dashv \Gamma}$$

Here $\Delta = \Gamma$.

• Cases CheckeqUnit, CheckeqZero: Similar to the CheckeqVar case.

• Case CheckeqSucc:
$$\dfrac{\Gamma \vdash \sigma \doteq \tau : \mathbb{N} \dashv \Delta}{\Gamma \vdash \mathsf{succ}(\sigma) \doteq \mathsf{succ}(\tau) : \mathbb{N} \dashv \Delta}$$

Follows by i.h.

• Case CheckeqInstL:
$$\dfrac{\Gamma_0[\hat\alpha] \vdash \hat\alpha := \tau : \kappa \dashv \Delta \qquad \hat\alpha \notin \mathrm{FV}(\tau)}{\Gamma_0[\hat\alpha] \vdash \hat\alpha \doteq \tau : \kappa \dashv \Delta}$$

$\Gamma_0[\hat\alpha] \vdash \hat\alpha := \tau : \kappa \dashv \Delta$    Subderivation
$\Gamma \vdash \hat\alpha := \tau : \kappa \dashv \Delta$    $\Gamma = \Gamma_0[\hat\alpha]$
$\Delta = \Gamma$ or $|\mathrm{unsolved}(\Delta)| = |\mathrm{unsolved}(\Gamma)| - 1$    By Lemma 74 (Instantiation Solves)
☞ $\Delta = \Gamma$ or $|\mathrm{unsolved}(\Delta)| < |\mathrm{unsolved}(\Gamma)|$

• Case CheckeqInstR:
$$\dfrac{\Gamma[\hat\alpha : \kappa] \vdash \hat\alpha := \tau : \kappa \dashv \Delta \qquad \hat\alpha \notin \mathrm{FV}(\tau)}{\Gamma[\hat\alpha : \kappa] \vdash \tau \doteq \hat\alpha : \kappa \dashv \Delta}$$

Similar to the CheckeqInstL case.

• Case CheckeqBin:
$$\dfrac{\Gamma \vdash \sigma_1 \doteq \tau_1 : \star \dashv \Theta \qquad \Theta \vdash [\Theta]\sigma_2 \doteq [\Theta]\tau_2 : \star \dashv \Delta}{\Gamma \vdash \sigma_1 \oplus \sigma_2 \doteq \tau_1 \oplus \tau_2 : \star \dashv \Delta}$$

$\Gamma \vdash \sigma_1 \doteq \tau_1 : \star \dashv \Theta$    Subderivation
$\Theta = \Gamma$ or $|\mathrm{unsolved}(\Theta)| < |\mathrm{unsolved}(\Gamma)|$    By i.h.

– $\Theta = \Gamma$:

$\Theta \vdash [\Theta]\sigma_2 \doteq [\Theta]\tau_2 : \star \dashv \Delta$    Subderivation
$\Gamma \vdash [\Gamma]\sigma_2 \doteq [\Gamma]\tau_2 : \star \dashv \Delta$    By $\Theta = \Gamma$
☞ $\Delta = \Gamma$ or $|\mathrm{unsolved}(\Gamma)| = |\mathrm{unsolved}(\Delta)| + 1$    By i.h.

– $|\mathrm{unsolved}(\Theta)| < |\mathrm{unsolved}(\Gamma)|$:

$\Theta \vdash [\Theta]\sigma_2 \doteq [\Theta]\tau_2 : \star \dashv \Delta$    Subderivation
$\Delta = \Theta$ or $|\mathrm{unsolved}(\Delta)| < |\mathrm{unsolved}(\Theta)|$    By i.h.

If $\Delta = \Theta$ then substituting $\Delta$ for $\Theta$ in $|\mathrm{unsolved}(\Theta)| < |\mathrm{unsolved}(\Gamma)|$ gives $|\mathrm{unsolved}(\Delta)| < |\mathrm{unsolved}(\Gamma)|$.

If $|\mathrm{unsolved}(\Delta)| < |\mathrm{unsolved}(\Theta)|$ then transitivity of $<$ gives $|\mathrm{unsolved}(\Delta)| < |\mathrm{unsolved}(\Gamma)|$. □


Lemma 76 (Prop Equiv Solving).

If $\Gamma \vdash P \equiv Q \dashv \Delta$ then either $\Delta = \Gamma$ or $|\mathrm{unsolved}(\Delta)| < |\mathrm{unsolved}(\Gamma)|$.

Proof. Only one rule can derive the judgment:

• Case ≡PropEq:
$$\dfrac{\Gamma \vdash \sigma_1 \doteq \tau_1 : \mathbb{N} \dashv \Theta \qquad \Theta \vdash [\Theta]\sigma_2 \doteq [\Theta]\tau_2 : \mathbb{N} \dashv \Delta}{\Gamma \vdash (\sigma_1 = \sigma_2) \equiv (\tau_1 = \tau_2) \dashv \Delta}$$

By Lemma 75 (Checkeq Solving) on the first premise, either $\Theta = \Gamma$ or $|\mathrm{unsolved}(\Theta)| < |\mathrm{unsolved}(\Gamma)|$.

In the former case, the result follows from Lemma 75 (Checkeq Solving) on the second premise.

In the latter case, applying Lemma 75 (Checkeq Solving) to the second premise either gives $\Delta = \Theta$, and therefore

$$|\mathrm{unsolved}(\Delta)| < |\mathrm{unsolved}(\Gamma)|$$

or gives $|\mathrm{unsolved}(\Delta)| < |\mathrm{unsolved}(\Theta)|$, which also leads to $|\mathrm{unsolved}(\Delta)| < |\mathrm{unsolved}(\Gamma)|$. □


Lemma 77 (Equiv Solving).

If $\Gamma \vdash A \equiv B \dashv \Delta$ then either $\Delta = \Gamma$ or $|\mathrm{unsolved}(\Delta)| < |\mathrm{unsolved}(\Gamma)|$.

Proof. By induction on the given derivation.

• Case ≡Var:
$$\dfrac{}{\Gamma \vdash \alpha \equiv \alpha \dashv \Gamma}$$

Here $\Delta = \Gamma$.

• Cases ≡Exvar, ≡Unit: Similar to the ≡Var case.

• Case ≡⊕:
$$\dfrac{\Gamma \vdash A_1 \equiv B_1 \dashv \Theta \qquad \Theta \vdash [\Theta]A_2 \equiv [\Theta]B_2 \dashv \Delta}{\Gamma \vdash (A_1 \oplus A_2) \equiv (B_1 \oplus B_2) \dashv \Delta}$$

By i.h., either $\Theta = \Gamma$ or $|\mathrm{unsolved}(\Theta)| < |\mathrm{unsolved}(\Gamma)|$.

In the former case, apply the i.h. to the second premise. Now either $\Delta = \Theta$, and therefore $\Delta = \Gamma$, or $|\mathrm{unsolved}(\Delta)| < |\mathrm{unsolved}(\Theta)|$. Since $\Theta = \Gamma$, we have $|\mathrm{unsolved}(\Delta)| < |\mathrm{unsolved}(\Gamma)|$.

In the latter case, we have $|\mathrm{unsolved}(\Theta)| < |\mathrm{unsolved}(\Gamma)|$. By i.h. on the second premise, either $\Delta = \Theta$, and substituting $\Delta$ for $\Theta$ gives $|\mathrm{unsolved}(\Delta)| < |\mathrm{unsolved}(\Gamma)|$, or $|\mathrm{unsolved}(\Delta)| < |\mathrm{unsolved}(\Theta)|$, which combined with $|\mathrm{unsolved}(\Theta)| < |\mathrm{unsolved}(\Gamma)|$ gives $|\mathrm{unsolved}(\Delta)| < |\mathrm{unsolved}(\Gamma)|$.

• Case ≡Vec: Similar to the ≡⊕ case.

• Case ≡∀:
$$\dfrac{\Gamma, \alpha : \kappa \vdash A_0 \equiv B_0 \dashv \Delta, \alpha : \kappa, \Delta'}{\Gamma \vdash \forall\alpha : \kappa.\, A_0 \equiv \forall\alpha : \kappa.\, B_0 \dashv \Delta}$$

By i.h., either $(\Delta, \alpha : \kappa, \Delta') = (\Gamma, \alpha : \kappa)$, or $|\mathrm{unsolved}(\Delta, \alpha : \kappa, \Delta')| < |\mathrm{unsolved}(\Gamma, \alpha : \kappa)|$.

In the former case, Lemma 22 (Extension Inversion) (i) tells us that $\Delta' = \cdot$. Thus, $(\Delta, \alpha : \kappa) = (\Gamma, \alpha : \kappa)$, and so $\Delta = \Gamma$.

In the latter case, we have $|\mathrm{unsolved}(\Delta, \alpha : \kappa, \Delta')| < |\mathrm{unsolved}(\Gamma, \alpha : \kappa)|$, that is:

$$|\mathrm{unsolved}(\Delta)| + 0 + |\mathrm{unsolved}(\Delta')| < |\mathrm{unsolved}(\Gamma)| + 0$$

Since $|\mathrm{unsolved}(\Delta')|$ cannot be negative, we have $|\mathrm{unsolved}(\Delta)| < |\mathrm{unsolved}(\Gamma)|$.

• Case ≡⊃:
$$\dfrac{\Gamma \vdash P \equiv Q \dashv \Theta \qquad \Theta \vdash [\Theta]A_0 \equiv [\Theta]B_0 \dashv \Delta}{\Gamma \vdash P \supset A_0 \equiv Q \supset B_0 \dashv \Delta}$$

Similar to the ≡⊕ case, but using Lemma 76 (Prop Equiv Solving) on the first premise instead of the i.h.

• Case ≡∧:
$$\dfrac{\Gamma \vdash P \equiv Q \dashv \Theta \qquad \Theta \vdash [\Theta]A_0 \equiv [\Theta]B_0 \dashv \Delta}{\Gamma \vdash A_0 \wedge P \equiv B_0 \wedge Q \dashv \Delta}$$

Similar to the ≡⊃ case.

• Case ≡InstantiateL:
$$\dfrac{\Gamma_0[\hat\alpha] \vdash \hat\alpha := \tau : \star \dashv \Delta \qquad \hat\alpha \notin \mathrm{FV}(\tau)}{\Gamma_0[\hat\alpha] \vdash \hat\alpha \equiv \tau \dashv \Delta}$$

By Lemma 74 (Instantiation Solves), $|\mathrm{unsolved}(\Delta)| = |\mathrm{unsolved}(\Gamma)| - 1$.

• Case ≡InstantiateR:
$$\dfrac{\Gamma_0[\hat\alpha] \vdash \hat\alpha := \tau : \star \dashv \Delta \qquad \hat\alpha \notin \mathrm{FV}(\tau)}{\Gamma_0[\hat\alpha] \vdash \tau \equiv \hat\alpha \dashv \Delta}$$

Similar to the ≡InstantiateL case. □


Lemma 78 (Decidability of Propositional Judgments).

The following judgments are decidable, with $\Delta$ as output in (1)–(3), and $\Delta^\bot$ as output in (4) and (5).

We assume $\sigma = [\Gamma]\sigma$ and $\tau = [\Gamma]\tau$ in (1) and (4). Similarly, in the other parts we assume $P = [\Gamma]P$ and (in part (3)) $Q = [\Gamma]Q$.

(1) $\Gamma \vdash \sigma \doteq \tau : \kappa \dashv \Delta$

(2) $\Gamma \vdash P\ \mathsf{true} \dashv \Delta$

(3) $\Gamma \vdash P \equiv Q \dashv \Delta$

(4) $\Gamma \mathrel{/} \sigma \doteq \tau : \kappa \dashv \Delta^\bot$

(5) $\Gamma \mathrel{/} P \dashv \Delta^\bot$

Proof. Since there is no mutual recursion between the judgments, we can prove their decidability in order, separately.

(1) Decidability of $\Gamma \vdash \sigma \doteq \tau : \kappa \dashv \Delta$: By induction on the sizes of $\sigma$ and $\tau$.

• Cases CheckeqVar, CheckeqUnit, CheckeqZero: No premises.

• Case CheckeqSucc: Both $\sigma$ and $\tau$ get smaller in the premise.

• Cases CheckeqInstL, CheckeqInstR: Follows from Lemma 67 (Decidability of Instantiation).

(2) Decidability of $\Gamma \vdash P\ \mathsf{true} \dashv \Delta$: By induction on $\sigma$ and $\tau$. But we have only one rule deriving this judgment form, CheckpropEq, which has the judgment in (1) as a premise, so decidability follows from part (1).

(3) Decidability of $\Gamma \vdash P \equiv Q \dashv \Delta$: By induction on $P$ and $Q$. But we have only one rule deriving this judgment form, ≡PropEq, which has two premises of the form (1), so decidability follows from part (1).

(4) Decidability of $\Gamma \mathrel{/} \sigma \doteq \tau : \kappa \dashv \Delta^\bot$: By lexicographic induction, first on the number of unsolved variables (both universal and existential) in $\Gamma$, then on $\sigma$ and $\tau$. We also show that the number of unsolved variables is nonincreasing in the output context (if it exists).

• Cases ElimeqUvarRefl, ElimeqZero: No premises, and the output is the same as the input.

• Case ElimeqClash: The only premise is the clash judgment, which is clearly decidable. There is no output.

• Case ElimeqBin: In the first premise, we have the same $\Gamma$ but both $\sigma$ and $\tau$ are smaller. By i.h., the first premise is decidable; moreover, either some variables in $\Theta$ were solved, or no additional variables were solved.

If some variables in $\Theta$ were solved, the second premise is smaller than the conclusion according to our lexicographic measure, so by i.h., the second premise is decidable.

If no additional variables were solved, then $\Theta = \Gamma$. Therefore $[\Theta]\sigma_2 = [\Gamma]\sigma_2$. It is given that $\sigma = [\Gamma]\sigma$ and $\tau = [\Gamma]\tau$, so $[\Gamma]\sigma_2 = \sigma_2$. Likewise, $[\Theta]\tau_2 = [\Gamma]\tau_2 = \tau_2$, so we are making a recursive call on a strictly smaller subterm.

Regardless, $\Delta^\bot$ is either $\bot$, or is a $\Delta$ which has no more unsolved variables than $\Theta$, which in turn has no more unsolved variables than $\Gamma$.

• Case ElimeqBinBot: The premise is invoked on subterms, and does not yield an output context.

• Case ElimeqSucc: Both $\sigma$ and $\tau$ get smaller. By i.h., the output context has fewer unsolved variables, if it exists.

• Cases ElimeqInstL, ElimeqInstR: Follows from Lemma 67 (Decidability of Instantiation). Furthermore, by Lemma 74 (Instantiation Solves), instantiation solves a variable in the output.

• Cases ElimeqUvarL, ElimeqUvarR: These rules have no nontrivial premises, and $\alpha$ is solved in the output context.

• Cases ElimeqUvarL⊥, ElimeqUvarR⊥: These rules have no nontrivial premises, and produce $\bot$ as the output context.

(5) Decidability of $\Gamma \mathrel{/} P \dashv \Delta^\bot$: By induction on $P$. But we have only one rule deriving this judgment form, ElimpropEq, for which decidability follows from part (4). □

Lemma 79 (Decidability of Equivalence).

Given a context $\Gamma$ and types $A$, $B$ such that $\Gamma \vdash A\ \mathit{type}$ and $\Gamma \vdash B\ \mathit{type}$ and $[\Gamma]A = A$ and $[\Gamma]B = B$, it is decidable whether there exists $\Delta$ such that $\Gamma \vdash A \equiv B \dashv \Delta$.

Proof. Let the judgment $\Gamma \vdash A \equiv B \dashv \Delta$ be measured lexicographically by

(E1) $\#\mathrm{large}(A) + \#\mathrm{large}(B)$;

(E2) $|\mathrm{unsolved}(\Gamma)|$, the number of unsolved existential variables in $\Gamma$;

(E3) $|A| + |B|$.

• Cases ≡Var, ≡Exvar, ≡Unit: No premises.

• Case ≡⊕:
$$\dfrac{\Gamma \vdash A_1 \equiv B_1 \dashv \Theta \qquad \Theta \vdash [\Theta]A_2 \equiv [\Theta]B_2 \dashv \Delta}{\Gamma \vdash A_1 \oplus A_2 \equiv B_1 \oplus B_2 \dashv \Delta}$$

In the first premise, part (E1) either gets smaller (if $A_2$ or $B_2$ have large connectives) or stays the same. Since the first premise has the same input context, part (E2) remains the same. However, part (E3) gets smaller.

In the second premise, part (E1) either gets smaller (if $A_1$ or $B_1$ have large connectives) or stays the same.

• Case ≡Vec: Similar to a special case of ≡⊕ where two of the types are monotypes.

• Case ≡∀:
$$\dfrac{\Gamma, \alpha : \kappa \vdash A_0 \equiv B_0 \dashv \Delta, \alpha : \kappa, \Delta'}{\Gamma \vdash \underbrace{\forall\alpha : \kappa.\, A_0}_{A} \equiv \underbrace{\forall\alpha : \kappa.\, B_0}_{B} \dashv \Delta}$$

Since $\#\mathrm{large}(A_0) + \#\mathrm{large}(B_0) = \#\mathrm{large}(A) + \#\mathrm{large}(B) - 2$, the first part of the measure gets smaller.

• Case ≡⊃:
$$\dfrac{\Gamma \vdash P \equiv Q \dashv \Theta \qquad \Theta \vdash [\Theta]A_0 \equiv [\Theta]B_0 \dashv \Delta}{\Gamma \vdash \underbrace{P \supset A_0}_{A} \equiv \underbrace{Q \supset B_0}_{B} \dashv \Delta}$$

The first premise is decidable by Lemma 78 (Decidability of Propositional Judgments) (3).

For the second premise, by Lemma 73 (Substitution Isn't Large), $\#\mathrm{large}([\Theta]A_0) = \#\mathrm{large}(A_0)$ and $\#\mathrm{large}([\Theta]B_0) = \#\mathrm{large}(B_0)$. Since $\#\mathrm{large}(A) = \#\mathrm{large}(A_0) + 1$ and $\#\mathrm{large}(B) = \#\mathrm{large}(B_0) + 1$, we have

$$\#\mathrm{large}([\Theta]A_0) + \#\mathrm{large}([\Theta]B_0) < \#\mathrm{large}(A) + \#\mathrm{large}(B)$$

which makes the first part of the measure smaller.

• Case ≡∧:
$$\dfrac{\Gamma \vdash P \equiv Q \dashv \Theta \qquad \Theta \vdash [\Theta]A_0 \equiv [\Theta]B_0 \dashv \Delta}{\Gamma \vdash A_0 \wedge P \equiv B_0 \wedge Q \dashv \Delta}$$

Similar to the ≡⊃ case.

• Case ≡InstantiateL:
$$\dfrac{\Gamma[\hat\alpha] \vdash \hat\alpha := \tau : \star \dashv \Delta \qquad \hat\alpha \notin \mathrm{FV}(\tau)}{\Gamma[\hat\alpha] \vdash \hat\alpha \equiv \tau \dashv \Delta}$$

Follows from Lemma 67 (Decidability of Instantiation).

• Case ≡InstantiateR: Similar to the ≡InstantiateL case. □


I′.2 Decidability of Subtyping

Theorem 1 (Decidability of Subtyping).

Given a context $\Gamma$ and types $A$, $B$ such that $\Gamma \vdash A\ \mathit{type}$ and $\Gamma \vdash B\ \mathit{type}$ and $[\Gamma]A = A$ and $[\Gamma]B = B$, it is decidable whether there exists $\Delta$ such that $\Gamma \vdash A <:^{\pm} B \dashv \Delta$.

Proof. Let the judgments be measured lexicographically by $\#\mathrm{large}(A) + \#\mathrm{large}(B)$.

For each subtyping rule, we show that every premise is smaller than the conclusion, or already known to be decidable. The condition that $[\Gamma]A = A$ and $[\Gamma]B = B$ is easily satisfied at each inductive step, using the definition of substitution.

Now, we consider the rules deriving $\Gamma \vdash A <:^{\pm} B \dashv \Delta$.

• Case <:Equiv:
$$\dfrac{A \text{ not headed by } \forall/\exists \qquad B \text{ not headed by } \forall/\exists \qquad \Gamma \vdash A \equiv B \dashv \Delta}{\Gamma \vdash A <:^{\pm} B \dashv \Delta}$$

In this case, we appeal to Lemma 79 (Decidability of Equivalence).

• Case <:∀L:
$$\dfrac{B \text{ not headed by } \forall \qquad \Gamma, \blacktriangleright_{\hat\alpha}, \hat\alpha : \kappa \vdash [\hat\alpha/\alpha]A <:^{-} B \dashv \Delta, \blacktriangleright_{\hat\alpha}, \Theta}{\Gamma \vdash \forall\alpha : \kappa.\, A <:^{-} B \dashv \Delta}$$

The premise has one fewer quantifier.

• Case <:∀R:
$$\dfrac{\Gamma, \beta : \kappa \vdash A <:^{-} B \dashv \Delta, \beta : \kappa, \Theta}{\Gamma \vdash A <:^{-} \forall\beta : \kappa.\, B \dashv \Delta}$$

The premise has one fewer quantifier.

• Case <:∃L:
$$\dfrac{\Gamma, \alpha : \kappa \vdash A <:^{+} B \dashv \Delta, \alpha : \kappa, \Theta}{\Gamma \vdash \exists\alpha : \kappa.\, A <:^{+} B \dashv \Delta}$$

The premise has one fewer quantifier.

• Case <:∃R:
$$\dfrac{A \text{ not headed by } \exists \qquad \Gamma, \blacktriangleright_{\hat\beta}, \hat\beta : \kappa \vdash A <:^{+} [\hat\beta/\beta]B \dashv \Delta, \blacktriangleright_{\hat\beta}, \Theta}{\Gamma \vdash A <:^{+} \exists\beta : \kappa.\, B \dashv \Delta}$$

The premise has one fewer quantifier.

• Case <:∓L:
$$\dfrac{\Gamma \vdash A <:^{-} B \dashv \Delta \qquad \mathrm{neg}(A) \qquad \mathrm{nonpos}(B)}{\Gamma \vdash A <:^{+} B \dashv \Delta}$$

Consider whether $B$ is negative.

– Case $\mathrm{neg}(B)$:

$B = \forall\beta : \kappa.\, B'$    Definition of $\mathrm{neg}(B)$
$\Gamma, \beta : \kappa \vdash A <:^{-} B' \dashv \Delta, \beta : \kappa, \Theta$    Inversion on the premise

There is one fewer quantifier in the subderivation.

– Case $\mathrm{nonneg}(B)$:

In this case, $B$ is not headed by a $\forall$.

$A = \forall\alpha : \kappa.\, A'$    Definition of $\mathrm{neg}(A)$
$\Gamma, \blacktriangleright_{\hat\alpha}, \hat\alpha : \kappa \vdash [\hat\alpha/\alpha]A' <:^{-} B \dashv \Delta, \blacktriangleright_{\hat\alpha}, \Theta$    Inversion on the premise

There is one fewer quantifier in the subderivation.

• Case <:∓R:
$$\dfrac{\Gamma \vdash A <:^{-} B \dashv \Delta \qquad \mathrm{nonpos}(A) \qquad \mathrm{neg}(B)}{\Gamma \vdash A <:^{+} B \dashv \Delta}$$

$B = \forall\beta : \kappa.\, B'$    Definition of $\mathrm{neg}(B)$
$\Gamma, \beta : \kappa \vdash A <:^{-} B' \dashv \Delta, \beta : \kappa, \Theta$    Inversion on the premise

There is one fewer quantifier in the subderivation.

• Case <:±L:
$$\dfrac{\Gamma \vdash A <:^{+} B \dashv \Delta \qquad \mathrm{pos}(A) \qquad \mathrm{nonneg}(B)}{\Gamma \vdash A <:^{-} B \dashv \Delta}$$

This case is similar to the <:∓R case.

• Case <:±R:
$$\dfrac{\Gamma \vdash A <:^{+} B \dashv \Delta \qquad \mathrm{nonneg}(A) \qquad \mathrm{pos}(B)}{\Gamma \vdash A <:^{-} B \dashv \Delta}$$

This case is similar to the <:∓R case. □


1.3 Decidability of Matching and Coverage 

Lemma 80 (Decidability of Expansion Judgments).

Given branches Π, it is decidable whether:

(1) there exists Π′ such that Π expands to Π′ under the first expansion judgment;

(2) there exist Π_L and Π_R such that Π expands to Π_L ∥ Π_R;

(3) there exists Π′ such that Π expands to Π′ under the third expansion judgment;

(4) there exists Π′ such that Π expands to Π′ under the fourth expansion judgment.

Proof. In each part, by induction on Π: every rule either has no premises, or breaks down Π in its nontrivial premise. □

Theorem 2 (Decidability of Coverage).

Given a context Γ, branches Π and types $\vec{A}$, it is decidable whether $\Gamma \vdash \Pi \text{ covers } \vec{A}$ is derivable.

Proof. By induction on, lexicographically, (1) the number of ∧ connectives appearing in $\vec{A}$, and then (2) the size of $\vec{A}$, considered to be the sum of the sizes |A| of each type A in $\vec{A}$.

(For CoversVar, Covers×, and Covers+, we also use the appropriate part of Lemma 80 (Decidability of Expansion Judgments).)

• Case CoversEmpty: No premises.

• Case CoversVar: The number of ∧ connectives does not grow, and $\vec{A}$ gets smaller.

• Case Covers1: The number of ∧ connectives does not grow, and $\vec{A}$ gets smaller.

• Case Covers×: The number of ∧ connectives does not grow, and $\vec{A}$ gets smaller, since $|A_1| + |A_2| < |A_1 \times A_2|$.

• Case Covers+: Here we have $\vec{A} = (A_1 + A_2, \vec{B})$. In the first premise, we have $(A_1, \vec{B})$, which is smaller than $\vec{A}$, and in the second premise we have $(A_2, \vec{B})$, which is likewise smaller. (In both premises, the number of ∧ connectives does not grow.)

• Case Covers∃: The number of ∧ connectives does not grow, and $\vec{A}$ gets smaller.

• Case CoversEq: The first premise is decidable by Lemma 78 (Decidability of Propositional Judgments) (4). The number of ∧ connectives in $\vec{A}$ gets smaller (note that applying Δ as a substitution cannot add ∧ connectives).

• Case CoversEqBot: Decidable by Lemma 78 (Decidability of Propositional Judgments) (4). □


I.4 Decidability of Typing

Theorem 3 (Decidability of Typing).

(i) Synthesis: Given a context Γ, a principality p, and a term e, it is decidable whether there exist a type A and a context Δ such that $\Gamma \vdash e \Rightarrow A\; p \dashv \Delta$.

(ii) Spines: Given a context Γ, a spine s, a principality p, and a type A such that Γ ⊢ A type, it is decidable whether there exist a type B, a principality q and a context Δ such that $\Gamma \vdash s : A\; p \gg B\; q \dashv \Delta$.

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(iii) Checking: Given a context Γ, a principality p, a term e, and a type B such that Γ ⊢ B type, it is decidable whether there is a context Δ such that $\Gamma \vdash e \Leftarrow B\; p \dashv \Delta$.

(iv) Matching: Given a context Γ, branches Π, a list of types $\vec{A}$, a type C, and a principality p, it is decidable whether there exists Δ such that $\Gamma \vdash \Pi :: \vec{A} \Leftarrow C\; p \dashv \Delta$.

Also, if given a proposition P as well, it is decidable whether there exists Δ such that $\Gamma / P \vdash \Pi :: \vec{A} \Leftarrow C\; p \dashv \Delta$.

Proof. For rules deriving judgments of the form

$\Gamma \vdash e \Rightarrow -\; - \dashv -$
$\Gamma \vdash e \Leftarrow B\; p \dashv -$
$\Gamma \vdash s : B\; p \gg -\; - \dashv -$
$\Gamma \vdash \Pi :: \vec{A} \Leftarrow C\; p \dashv -$

(where we write "−" for parts of the judgments that are outputs), the following induction measure on such judgments is adequate to prove decidability:

$\Big\langle e/s/\Pi,\ \begin{cases} \Leftarrow/\Rightarrow/\gg,\ \#\mathrm{large}(B),\ B \\ \mathrm{Match},\ \vec{A},\ \text{match judgment form} \end{cases} \Big\rangle$

where ⟨…⟩ denotes lexicographic order, and where (when comparing two judgments typing terms of the same size) the synthesis judgment (top line) is considered smaller than the checking judgment (second line). That is,

$\Rightarrow \;\prec\; \Leftarrow \;\prec\; \gg \;\prec\; \mathrm{Match}$

Two match judgments are compared according to, first, the list of branches Π (which is a subterm of the containing case expression, allowing us to invoke the i.h. for the Case rule), then the size of the list of types $\vec{A}$ (considered to be the sum of the sizes |A| of each type A in $\vec{A}$), and then, finally, whether the judgment is Γ / P ⊢ … or Γ ⊢ …, considering the former judgment (Γ / P ⊢ …) to be larger.

Note that this measure only uses the input parts of the judgments, leading to a straightforward decidability argument.

We will show that in each rule deriving a synthesis, checking, spine or match judgment, every premise is smaller than the conclusion.


• Case EmptySpine: No premises.

• Case →Spine: In each premise, the expression/spine gets smaller (we have e s in the conclusion, e in the first premise, and s in the second premise).

• Case Var: No nontrivial premises.

• Case Sub: The first premise has the same subject term e as the conclusion, but the judgment is smaller because our measure considers synthesis to be smaller than checking. The second premise is a subtyping judgment, which by Theorem 1 (Decidability of Subtyping) is decidable.

• Case Anno: It is easy to show that the judgment Γ ⊢ A ! type is decidable. The second premise types e, but the conclusion types (e : A), so the first part of the measure gets smaller.

• Cases 1I, 1Iα̂: No premises.

• Case ∀I: Both the premise and conclusion type e, and both are checking; however, $\#\mathrm{large}(A_0) < \#\mathrm{large}(\forall\alpha : \kappa.\, A_0)$, so the premise is smaller.

• Case ∀Spine: Both the premise and conclusion type e s, and both are spine judgments; however, #large(−) decreases.

• Case ∧I: By Lemma 78 (Decidability of Propositional Judgments) (2), the first premise is decidable. For the second premise, $\#\mathrm{large}([\Theta]A_0) = \#\mathrm{large}(A_0) < \#\mathrm{large}(A_0 \wedge P)$.

Proof of Theorem 3 (Decidability of Typing) thm:typing-decidable

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• Case ⊃I: For the first premise, use Lemma 78 (Decidability of Propositional Judgments) (5). In the second premise, #large(−) gets smaller (similar to the ∧I case).

• Case ⊃I⊥: The premise is decidable by Lemma 78 (Decidability of Propositional Judgments) (5).

• Case ⊃Spine: Similar to the ∧I case.

• Cases →I, →Iα̂: In the premise, the term is smaller.

• Cases →E, →E!: In all premises, the term is smaller.

• Cases +Iₖ, +Iα̂ₖ, ×I, ×Iα̂: In all premises, the term is smaller.

• Case Case: In the first premise, the term is smaller. In the second premise, we have a list of branches that is a proper subterm of the case expression. The third premise is decidable by Theorem 2 (Decidability of Coverage).

We now consider the match rules:

• Case MatchEmpty: No premises.

• Case MatchSeq: In each premise, the list of branches is properly contained in Π, making each premise smaller by the first part ("e/s/Π") of the measure.

• Case MatchBase: The term e in the premise is properly contained in Π.

• Cases Match∃, Match×, Match+ₖ, MatchNeg, MatchWild: Smaller by part (2) of the measure.

• Case Match∧: The premise has a smaller $\vec{A}$, so it is smaller by the $\vec{A}$ part of the measure. (The premise is the other judgment form, so it is larger by the "match judgment form" part, but $\vec{A}$ lexicographically dominates.)

• Case Match⊥: For the premise, use Lemma 78 (Decidability of Propositional Judgments) (4).

• Case MatchUnify: Lemma 78 (Decidability of Propositional Judgments) (4) shows that the first premise is decidable. The second premise has the same (single) branch and list of types, but is smaller by the "match judgment form" part of the measure. □


J Determinacy

Lemma 81 (Determinacy of Auxiliary Judgments).

(1) Elimeq: Given Γ, σ, t, κ such that $FEV(\sigma) \cup FEV(t) = \emptyset$ and $\mathcal{D}_1 :: \Gamma / \sigma \doteq t : \kappa \dashv \Delta_1^{\perp}$ and $\mathcal{D}_2 :: \Gamma / \sigma \doteq t : \kappa \dashv \Delta_2^{\perp}$, it is the case that $\Delta_1^{\perp} = \Delta_2^{\perp}$.

(2) Instantiation: Given Γ, α̂, t, κ such that $\hat\alpha \in \mathrm{unsolved}(\Gamma)$ and $\Gamma \vdash t : \kappa$ and $\hat\alpha \notin FV(t)$ and $\mathcal{D}_1 :: \Gamma \vdash \hat\alpha := t : \kappa \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash \hat\alpha := t : \kappa \dashv \Delta_2$, it is the case that $\Delta_1 = \Delta_2$.

(3) Symmetric instantiation: Given Γ, α̂, β̂, κ such that $\hat\alpha, \hat\beta \in \mathrm{unsolved}(\Gamma)$ and $\hat\alpha \neq \hat\beta$ and $\mathcal{D}_1 :: \Gamma \vdash \hat\alpha := \hat\beta : \kappa \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash \hat\beta := \hat\alpha : \kappa \dashv \Delta_2$, it is the case that $\Delta_1 = \Delta_2$.

(4) Checkeq: Given Γ, σ, t, κ such that $\mathcal{D}_1 :: \Gamma \vdash \sigma \doteq t : \kappa \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash \sigma \doteq t : \kappa \dashv \Delta_2$, it is the case that $\Delta_1 = \Delta_2$.

(5) Elimprop: Given Γ, P such that $\mathcal{D}_1 :: \Gamma / P \dashv \Delta_1^{\perp}$ and $\mathcal{D}_2 :: \Gamma / P \dashv \Delta_2^{\perp}$, it is the case that $\Delta_1 = \Delta_2$.

(6) Checkprop: Given Γ, P such that $\mathcal{D}_1 :: \Gamma \vdash P\ \mathrm{true} \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash P\ \mathrm{true} \dashv \Delta_2$, it is the case that $\Delta_1 = \Delta_2$.

Proof of Lemma 81 (Determinacy of Auxiliary Judgments) lem:aux-det

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Proof.

Proof of Part (1) (Elimeq).

Rule ElimeqZero applies if and only if σ = t = zero.

Rule ElimeqSucc applies if and only if σ and t are headed by succ.

Now suppose σ = α.

Rule ElimeqUvarRefl applies if and only if t = α. (Rule ElimeqClash cannot apply; rules ElimeqUvarL and ElimeqUvarR have a free variable condition; rules ElimeqUvarL⊥ and ElimeqUvarR⊥ have a condition that σ ≠ t.)

In the remainder, assume t ≠ α.

If α ∈ FV(t), then rule ElimeqUvarL⊥ applies, and no other rule applies (including ElimeqUvarR⊥ and ElimeqClash).

In the remainder, assume α ∉ FV(t).

Consider whether ElimeqUvarR⊥ applies. The conclusion matches if we have t = β for some β ≠ α (that is, σ = α and t = β). But ElimeqUvarR⊥ has a condition that β ∈ FV(σ), and σ = α, so the condition is not satisfied.

In the symmetric case, use the reasoning above, exchanging L's and R's in the rule names.


Proof of Part (2) (Instantiation).

Rule InstBin applies if and only if t has the form $t_1 \oplus t_2$.

Rule InstZero applies if and only if t has the form zero.

Rule InstSucc applies if and only if t has the form succ(t₀).

If t has the form β̂, then consider whether β̂ is declared to the left of α̂ in the given context:

• If β̂ is declared to the left of α̂, then rule InstReach cannot be used, which leaves only InstSolve.

• If β̂ is declared to the right of α̂, then InstSolve cannot be used because β̂ is not well-formed under Γ₀ (the context to the left of α̂ in InstSolve). That leaves only InstReach.

• α̂ cannot be β̂, because it is given that $\hat\alpha \notin FV(t) = FV(\hat\beta) = \{\hat\beta\}$.

Proof of Part (3) (Symmetric instantiation).

InstBin, InstZero and InstSucc cannot have been used in either derivation.

Suppose that InstSolve concluded $\mathcal{D}_1$. Then Δ₁ is the same as Γ with α̂ solved to β̂. Moreover, β̂ is declared to the left of α̂ in Γ. Thus, InstSolve cannot conclude $\mathcal{D}_2$. However, InstReach can conclude $\mathcal{D}_2$, but produces a context Δ₂ which is the same as Γ but with α̂ solved to β̂. Therefore Δ₁ = Δ₂.

The other possibility is that InstReach concluded $\mathcal{D}_1$. Then Δ₁ is the same as Γ with β̂ solved to α̂, with α̂ declared to the left of β̂ in Γ. Thus, InstReach cannot conclude $\mathcal{D}_2$. However, InstSolve can conclude $\mathcal{D}_2$, producing a context Δ₂ which is the same as Γ but with β̂ solved to α̂. Therefore Δ₁ = Δ₂.


Proof of Part (4) (Checkeq).

Rule CheckeqVar applies if and only if σ = t = α̂ or σ = t = α (note the free variable conditions in CheckeqInstL and CheckeqInstR).

Rule CheckeqUnit applies if and only if σ = t = 1.

Rule CheckeqBin applies if and only if σ and t are both headed by the same binary connective.

Rule CheckeqZero applies if and only if σ = t = zero.

Rule CheckeqSucc applies if and only if σ and t are headed by succ.

Now suppose σ = α̂. If t is not an existential variable, then CheckeqInstR cannot be used, which leaves only CheckeqInstL. If t is an existential variable, that is, some β̂ (distinct from α̂), and is unsolved, then both CheckeqInstL and CheckeqInstR apply, but by part (3), we get the same output context from each.

The t = α̂ subcase is similar.

Proof of Part (5) (Elimprop). There is only one rule deriving this judgment; the result follows by part (1).

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Proof of Part (6) (Checkprop). There is only one rule deriving this judgment; the result follows by part (4). □

Lemma 82 (Determinacy of Equivalence).

(1) Propositional equivalence: Given Γ, P, Q such that $\mathcal{D}_1 :: \Gamma \vdash P \equiv Q \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash P \equiv Q \dashv \Delta_2$, it is the case that $\Delta_1 = \Delta_2$.

(2) Type equivalence: Given Γ, A, B such that $\mathcal{D}_1 :: \Gamma \vdash A \equiv B \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash A \equiv B \dashv \Delta_2$, it is the case that $\Delta_1 = \Delta_2$.

Proof.

Proof of Part (1) (propositional equivalence). Only one rule derives judgments of this form; the result follows from Lemma 81 (Determinacy of Auxiliary Judgments) (4).

Proof of Part (2) (type equivalence). If neither A nor B is an existential variable, they must have the same head connectives, and the same rule must conclude both derivations.

If A and B are the same existential variable, then only ≡Exvar applies (due to the free variable conditions in ≡InstantiateL and ≡InstantiateR).

If A and B are different unsolved existential variables, the judgment matches the conclusion of both ≡InstantiateL and ≡InstantiateR, but by part (3) of Lemma 81 (Determinacy of Auxiliary Judgments), we get the same output context regardless of which rule we choose. □


Theorem 4 (Determinacy of Subtyping).

(1) Subtyping: Given Γ, ±, A, B such that $\mathcal{D}_1 :: \Gamma \vdash A <:^{\pm} B \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash A <:^{\pm} B \dashv \Delta_2$, it is the case that $\Delta_1 = \Delta_2$.

Proof. First, we consider whether we are looking at positive or negative subtyping, and then consider the outermost connective of A and B:

• If $\Gamma \vdash A <:^{+} B \dashv \Delta_1$ and $\Gamma \vdash A <:^{+} B \dashv \Delta_2$, then we know the last rule ending the derivations $\mathcal{D}_1$ and $\mathcal{D}_2$ must be:

                        B headed by ∀     B headed by ∃     B other
  A headed by ∀         <:⁺L or <:⁺R      <:∃R              <:⁺L
  A headed by ∃         <:∃L              <:∃L              <:∃L
  A other               <:⁺R              <:∃R              <:Equiv

The only case in which there are two possible final rules is the ∀/∀ case. In this case, regardless of the choice of rule, by inversion we get subderivations $\Gamma \vdash A <:^{-} B \dashv \Delta_1$ and $\Gamma \vdash A <:^{-} B \dashv \Delta_2$.

• If $\Gamma \vdash A <:^{-} B \dashv \Delta_1$ and $\Gamma \vdash A <:^{-} B \dashv \Delta_2$, then we know the last rule ending the derivations $\mathcal{D}_1$ and $\mathcal{D}_2$ must be:

                        B headed by ∀     B headed by ∃     B other
  A headed by ∀         <:∀R              <:∀L              <:∀L
  A headed by ∃         <:∀R              <:⁻L or <:⁻R      <:⁻L
  A other               <:∀R              <:⁻R              <:Equiv

The only case in which there are two possible final rules is the ∃/∃ case. In this case, regardless of the choice of rule, by inversion we get subderivations $\Gamma \vdash A <:^{+} B \dashv \Delta_1$ and $\Gamma \vdash A <:^{+} B \dashv \Delta_2$.

The result then follows by a routine induction. □

Theorem 5 (Determinacy of Typing).

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(1) Checking: Given Γ, e, A, p such that $\mathcal{D}_1 :: \Gamma \vdash e \Leftarrow A\; p \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash e \Leftarrow A\; p \dashv \Delta_2$, it is the case that $\Delta_1 = \Delta_2$.

(2) Synthesis: Given Γ, e such that $\mathcal{D}_1 :: \Gamma \vdash e \Rightarrow B_1\; p_1 \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash e \Rightarrow B_2\; p_2 \dashv \Delta_2$, it is the case that $B_1 = B_2$ and $p_1 = p_2$ and $\Delta_1 = \Delta_2$.

(3) Spine judgments: Given Γ, e, A, p such that $\mathcal{D}_1 :: \Gamma \vdash e : A\; p \gg C_1\; q_1 \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash e : A\; p \gg C_2\; q_2 \dashv \Delta_2$, it is the case that $C_1 = C_2$ and $q_1 = q_2$ and $\Delta_1 = \Delta_2$.

The same applies for derivations of the principality-recovering judgments $\Gamma \vdash e : A\; p \gg C_k\; \lceil q_k \rceil \dashv \Delta_k$.

(4) Match judgments: Given Γ, Π, $\vec{A}$, p, C such that $\mathcal{D}_1 :: \Gamma \vdash \Pi :: \vec{A} \Leftarrow C\; p \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma \vdash \Pi :: \vec{A} \Leftarrow C\; p \dashv \Delta_2$, it is the case that $\Delta_1 = \Delta_2$.

Given Γ, P, Π, $\vec{A}$, p, C such that $\mathcal{D}_1 :: \Gamma / P \vdash \Pi :: \vec{A} \Leftarrow C\; p \dashv \Delta_1$ and $\mathcal{D}_2 :: \Gamma / P \vdash \Pi :: \vec{A} \Leftarrow C\; p \dashv \Delta_2$, it is the case that $\Delta_1 = \Delta_2$.

Proof.

Proof of Part (1) (checking).

The rules with a checking judgment in the conclusion are: 1I, 1Iα̂, ∀I, ∧I, ⊃I, ⊃I⊥, →I, →Iα̂, Rec, +Iₖ, +Iα̂ₖ, ×I, ×Iα̂, Nil, Cons, Case and Sub.

The table below shows which rules apply for given e and A. The extra "chk-I?" column highlights the role of the "chk-I" ("check-intro") category of syntactic forms: we restrict the introduction rules for ∀ and ⊃ to type only these forms. For example, given e = x and A = (∀α : κ. A₀), we need not choose between Sub and ∀I: the latter is ruled out by its chk-I premise.

e              chk-I?   ∀      ⊃ (Note 1)   ∃      ∧      →      +       ×       1      α̂        α      Vec
λx. e₀         chk-I    ∀I     ⊃I, ⊃I⊥      Sub    ∧I     →I     ∅       ∅       ∅      →Iα̂      ∅      ∅
rec x. v       Note 2   Rec    Rec          Rec    Rec    Rec    Rec     Rec     Rec    Rec      Rec    ∅
inj_k e₀       chk-I    ∀I     ⊃I, ⊃I⊥      Sub    ∧I     ∅      +Iₖ     ∅       ∅      +Iα̂ₖ     ∅      ∅
(e₁, e₂)       chk-I    ∀I     ⊃I, ⊃I⊥      Sub    ∧I     ∅      ∅       ×I      ∅      ×Iα̂      ∅      ∅
()             chk-I    ∀I     ⊃I, ⊃I⊥      Sub    ∧I     ∅      ∅       ∅       1I     1Iα̂      ∅      ∅
e₁ :: e₂       chk-I    ∀I     ⊃I, ⊃I⊥      Sub    ∧I     ∅      ∅       ∅       ∅      ∅        ∅      Cons
[]             chk-I    ∀I     ⊃I, ⊃I⊥      Sub    ∧I     ∅      ∅       ∅       ∅      ∅        ∅      Nil
case(e₀, Π)    Note 3   Case   Case         Case   Case   Case   Case    Case    Case   Case     Case   Case
x                       Sub    Sub          Sub    Sub    Sub    Sub     Sub     Sub    Sub      Sub    Sub
(e₀ : A)                Sub    Sub          Sub    Sub    Sub    Sub     Sub     Sub    Sub      Sub    Sub
e₁ s                    Sub    Sub          Sub    Sub    Sub    Sub     Sub     Sub    Sub      Sub    Sub

Notes:

• Note 1: The choice between ⊃I and ⊃I⊥ is resolved by Lemma 81 (Determinacy of Auxiliary Judgments) (5).

• Note 2: Fixed points are a checking form, but not an introduction form. So if e is rec x. v, we need not choose between an introduction rule for a large connective and the Rec rule: only the Rec rule is viable. Large connectives must, therefore, be introduced inside the typing of the body v.

• Note 3: Case expressions are a checking form, but not an introduction form. So if e is a case expression, we need not choose between an introduction rule for a large connective and the Case rule: only the Case rule is viable. Large connectives must, therefore, be introduced inside the branches.


Proof of Theorem 5 (Determinacy of Typing) thm:typing-det


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Proof of Part (2) (synthesis). Only four rules have a synthesis judgment in the conclusion: Var, Anno, →E and →E!. Rule Var applies if and only if e has the form x. Rule Anno applies if and only if e has the form (e₀ : A).

Otherwise, the judgment can be derived only if e has the form e₁ e₂, by →E or →E!. If $\mathcal{D}_1$ and $\mathcal{D}_2$ both end in →E, or both end in →E!, we are done. Suppose $\mathcal{D}_1$ ends in →E and $\mathcal{D}_2$ ends in →E!. By i.h., the p in the first subderivation of →E must be equal to the one in the first subderivation of →E!, that is, p = !. Thus the inputs to the respective second subderivations match, so by i.h. their outputs match; in particular, $q = \not!$. However, from the condition in →E it must be the case that $FEV([\Delta]C) \neq \emptyset$, which contradicts the condition $FEV([\Delta]C) = \emptyset$ in →E!.


Proof of Part (3) (spine judgments). For the ordinary spine judgment, rule EmptySpine applies if and only if the given spine is empty. Otherwise, the choice of rule is determined by the head constructor of the input type: →/→Spine, ∀/∀Spine, ⊃/⊃Spine, α̂/α̂Spine.

For the principality-recovering spine judgment: If $p = \not!$, only rule SpinePass applies. If p = ! and q = !, only rule SpinePass applies. If p = ! and $q = \not!$, then the rule is determined by FEV(C): if $FEV(C) = \emptyset$ then only SpineRecover applies; otherwise, $FEV(C) \neq \emptyset$ and only SpinePass applies.


Proof of Part (4) (matching). First, the elimination judgment form Γ / P ⊢ …: It cannot be the case that both $\Gamma / \sigma \doteq t : \kappa \dashv \bot$ and $\Gamma / \sigma \doteq t : \kappa \dashv \Theta$, so either Match⊥ concludes both $\mathcal{D}_1$ and $\mathcal{D}_2$ (and the result follows), or MatchUnify concludes both $\mathcal{D}_1$ and $\mathcal{D}_2$ (in which case, apply the i.h.).

Now the main judgment form, without "/ P": either Π is empty, or has length one, or has length greater than one. MatchEmpty applies if and only if Π is empty, and MatchSeq applies if and only if Π has length greater than one. So in the rest of this part, we assume Π has length one.

Moreover, MatchBase applies if and only if $\vec{A}$ has length zero. So in the rest of this part, we assume the length of $\vec{A}$ is at least one.

Let A be the first type in $\vec{A}$. Inspection of the rules shows that given particular A and ρ, where ρ is the first pattern, only a single rule can apply, or no rule ("∅") can apply, as shown in the following table:

  ρ \ A        ∃         ∧         +           ×           Vec          other
  (ρ₁, ρ₂)     Match∃    Match∧    ∅           Match×      ∅            ∅
  inj_k ρ      Match∃    Match∧    Match+ₖ     ∅           ∅            ∅
  []           Match∃    Match∧    ∅           ∅           MatchNil     ∅
  ρ₁ :: ρ₂     Match∃    Match∧    ∅           ∅           MatchCons    ∅
  z            Match∃    Match∧    MatchNeg    MatchNeg    MatchNeg     MatchNeg
  _            Match∃    Match∧    MatchWild   MatchWild   MatchWild    MatchWild

□


K Soundness

K.1 Instantiation

Lemma 83 (Soundness of Instantiation).

If $\Gamma \vdash \hat\alpha := \tau : \kappa \dashv \Delta$ and $\hat\alpha \notin FV([\Gamma]\tau)$ and $[\Gamma]\tau = \tau$ and $\Delta \longrightarrow \Omega$ then $[\Omega]\hat\alpha = [\Omega]\tau$.

Proof. By induction on the derivation of $\Gamma \vdash \hat\alpha := \tau : \kappa \dashv \Delta$.


• Case $\dfrac{\Gamma_0 \vdash \tau : \kappa}{\Gamma_0, \hat\alpha : \kappa, \Gamma_1 \vdash \hat\alpha := \tau : \kappa \dashv \Gamma_0, \hat\alpha : \kappa = \tau, \Gamma_1}$ (InstSolve)

$[\Delta]\hat\alpha = [\Delta]\tau$        By definition
☞ $[\Omega]\hat\alpha = [\Omega]\tau$        By Lemma 29 (Substitution Monotonicity) to each side

• Case $\dfrac{\hat\beta \in \mathrm{unsolved}(\Gamma[\hat\alpha : \kappa][\hat\beta : \kappa])}{\Gamma[\hat\alpha : \kappa][\hat\beta : \kappa] \vdash \hat\alpha := \hat\beta : \kappa \dashv \Gamma[\hat\alpha : \kappa][\hat\beta : \kappa = \hat\alpha]}$ (InstReach)

Proof of Lemma 83 (Soundness of Instantiation) lem:instantiation-soundness

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$[\Delta]\hat\beta = [\Delta]\hat\alpha$        By definition
$[\Omega][\Delta]\hat\beta = [\Omega][\Delta]\hat\alpha$        Applying Ω to each side
☞ $[\Omega]\hat\beta = [\Omega]\hat\alpha$        By Lemma 29 (Substitution Monotonicity) to each side

• Case $\dfrac{\Gamma_0[\hat\alpha_2 : \star, \hat\alpha_1 : \star, \hat\alpha : \star = \hat\alpha_1 \oplus \hat\alpha_2] \vdash \hat\alpha_1 := \tau_1 : \star \dashv \Theta \qquad \Theta \vdash \hat\alpha_2 := [\Theta]\tau_2 : \star \dashv \Delta}{\Gamma_0[\hat\alpha : \star] \vdash \hat\alpha := \tau_1 \oplus \tau_2 : \star \dashv \Delta}$ (InstBin)

Let $\Gamma' = \Gamma_0[\hat\alpha_2 : \star, \hat\alpha_1 : \star, \hat\alpha : \star = \hat\alpha_1 \oplus \hat\alpha_2]$.

$\Delta \longrightarrow \Omega$        Given
$\Gamma' \vdash \hat\alpha_1 := \tau_1 : \star \dashv \Theta$        Subderivation
$\Theta \longrightarrow \Delta$        By Lemma 43 (Instantiation Extension)
$\Theta \longrightarrow \Omega$        By Lemma 33 (Extension Transitivity)
$[\Omega]\hat\alpha_1 = [\Omega]\tau_1$        By i.h.

$\Theta \vdash \hat\alpha_2 := [\Theta]\tau_2 : \star \dashv \Delta$        Subderivation
$[\Omega]\hat\alpha_2 = [\Omega][\Theta]\tau_2$        By i.h.
$\phantom{[\Omega]\hat\alpha_2} = [\Omega]\tau_2$        By Lemma 29 (Substitution Monotonicity)

$([\Omega]\tau_1) \oplus ([\Omega]\tau_2) = ([\Omega]\hat\alpha_1) \oplus ([\Omega]\hat\alpha_2)$        By above equalities
$\phantom{([\Omega]\tau_1) \oplus ([\Omega]\tau_2)} = [\Omega](\hat\alpha_1 \oplus \hat\alpha_2)$        By definition of substitution
$\phantom{([\Omega]\tau_1) \oplus ([\Omega]\tau_2)} = [\Omega]([\Gamma']\hat\alpha)$        By definition of substitution
$\phantom{([\Omega]\tau_1) \oplus ([\Omega]\tau_2)} = [\Omega]\hat\alpha$        By Lemma 29 (Substitution Monotonicity)
☞ $[\Omega](\tau_1 \oplus \tau_2) = [\Omega]\hat\alpha$        By definition of substitution

• Case $\dfrac{}{\Gamma_0[\hat\alpha : \mathbb{N}] \vdash \hat\alpha := \mathrm{zero} : \mathbb{N} \dashv \Gamma_0[\hat\alpha : \mathbb{N} = \mathrm{zero}]}$ (InstZero)

Similar to the InstSolve case.

• Case $\dfrac{\Gamma_0[\hat\alpha_1 : \mathbb{N}, \hat\alpha : \mathbb{N} = \mathrm{succ}(\hat\alpha_1)] \vdash \hat\alpha_1 := t_1 : \mathbb{N} \dashv \Delta}{\Gamma_0[\hat\alpha : \mathbb{N}] \vdash \hat\alpha := \mathrm{succ}(t_1) : \mathbb{N} \dashv \Delta}$ (InstSucc)

Similar to the InstBin case, but simpler. □

Lemma 84 (Soundness of Checkeq).

If $\Gamma \vdash \sigma \doteq t : \kappa \dashv \Delta$ where $\Delta \longrightarrow \Omega$ then $[\Omega]\sigma = [\Omega]t$.

Proof. By induction on the given derivation.

• Case $\dfrac{}{\Gamma \vdash u \doteq u : \kappa \dashv \Gamma}$ (CheckeqVar)

☞ $[\Omega]u = [\Omega]u$        By reflexivity of equality

• Cases CheckeqUnit, CheckeqZero: Similar to the CheckeqVar case.

• Case $\dfrac{\Gamma \vdash \sigma_0 \doteq t_0 : \mathbb{N} \dashv \Delta}{\Gamma \vdash \mathrm{succ}(\sigma_0) \doteq \mathrm{succ}(t_0) : \mathbb{N} \dashv \Delta}$ (CheckeqSucc)

$\Gamma \vdash \sigma_0 \doteq t_0 : \mathbb{N} \dashv \Delta$        Subderivation
$[\Omega]\sigma_0 = [\Omega]t_0$        By i.h.
$\mathrm{succ}([\Omega]\sigma_0) = \mathrm{succ}([\Omega]t_0)$        By congruence
☞ $[\Omega](\mathrm{succ}(\sigma_0)) = [\Omega](\mathrm{succ}(t_0))$        By definition of substitution

Proof of Lemma 84 (Soundness of Checkeq) lem:checkeq-soundness

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• Case $\dfrac{\Gamma \vdash \sigma_0 \doteq t_0 : \star \dashv \Theta \qquad \Theta \vdash [\Theta]\sigma_1 \doteq [\Theta]t_1 : \star \dashv \Delta}{\Gamma \vdash \sigma_0 \oplus \sigma_1 \doteq t_0 \oplus t_1 : \star \dashv \Delta}$ (CheckeqBin)

$\Gamma \vdash \sigma_0 \doteq t_0 : \star \dashv \Theta$        Subderivation
$\Theta \vdash [\Theta]\sigma_1 \doteq [\Theta]t_1 : \star \dashv \Delta$        Subderivation
$\Delta \longrightarrow \Omega$        Given
$\Theta \longrightarrow \Delta$        By Lemma 46 (Checkeq Extension)
$\Theta \longrightarrow \Omega$        By Lemma 33 (Extension Transitivity)
$[\Omega]\sigma_0 = [\Omega]t_0$        By i.h. on first subderivation
$[\Omega][\Theta]\sigma_1 = [\Omega][\Theta]t_1$        By i.h. on second subderivation
$[\Omega][\Theta]\sigma_1 = [\Omega]\sigma_1$        By Lemma 29 (Substitution Monotonicity)
$[\Omega][\Theta]t_1 = [\Omega]t_1$        By Lemma 29 (Substitution Monotonicity)
$[\Omega]\sigma_1 = [\Omega]t_1$        By transitivity of equality
$[\Omega]\sigma_0 \oplus [\Omega]\sigma_1 = [\Omega]t_0 \oplus [\Omega]t_1$        By congruence of equality
☞ $[\Omega](\sigma_0 \oplus \sigma_1) = [\Omega](t_0 \oplus t_1)$        By definition of substitution

• Case $\dfrac{\Gamma[\hat\alpha] \vdash \hat\alpha := t : \kappa \dashv \Delta \qquad \hat\alpha \notin FV(t)}{\Gamma[\hat\alpha] \vdash \hat\alpha \doteq t : \kappa \dashv \Delta}$ (CheckeqInstL)

$\Gamma[\hat\alpha] \vdash \hat\alpha := t : \kappa \dashv \Delta$        Subderivation
$\hat\alpha \notin FV(t)$        Premise
☞ $[\Omega]\hat\alpha = [\Omega]t$        By Lemma 83 (Soundness of Instantiation)

• Case $\dfrac{\Gamma[\hat\alpha : \kappa] \vdash \hat\alpha := \sigma : \kappa \dashv \Delta \qquad \hat\alpha \notin FV(\sigma)}{\Gamma[\hat\alpha : \kappa] \vdash \sigma \doteq \hat\alpha : \kappa \dashv \Delta}$ (CheckeqInstR)

Similar to the CheckeqInstL case. □

Lemma 85 (Soundness of Propositional Equivalence).

If $\Gamma \vdash P \equiv Q \dashv \Delta$ where $\Delta \longrightarrow \Omega$ then $[\Omega]P = [\Omega]Q$.

Proof. By induction on the given derivation.

• Case $\dfrac{\Gamma \vdash \sigma_1 \doteq t_1 : \mathbb{N} \dashv \Theta \qquad \Theta \vdash [\Theta]\sigma_2 \doteq [\Theta]t_2 : \mathbb{N} \dashv \Delta}{\Gamma \vdash (\sigma_1 = \sigma_2) \equiv (t_1 = t_2) \dashv \Delta}$ (≡PropEq)

$\Delta \longrightarrow \Omega$        Given
$\Theta \longrightarrow \Delta$        By Lemma 46 (Checkeq Extension) (on 2nd premise)
$\Theta \longrightarrow \Omega$        By Lemma 33 (Extension Transitivity)
$\Gamma \vdash \sigma_1 \doteq t_1 : \mathbb{N} \dashv \Theta$        Given
$[\Omega]\sigma_1 = [\Omega]t_1$        By Lemma 84 (Soundness of Checkeq)
$\Theta \vdash [\Theta]\sigma_2 \doteq [\Theta]t_2 : \mathbb{N} \dashv \Delta$        Given
$[\Omega][\Theta]\sigma_2 = [\Omega][\Theta]t_2$        By Lemma 84 (Soundness of Checkeq)
$[\Omega][\Theta]\sigma_2 = [\Omega]\sigma_2$        By Lemma 29 (Substitution Monotonicity)
$[\Omega][\Theta]t_2 = [\Omega]t_2$        By Lemma 29 (Substitution Monotonicity)
$[\Omega]\sigma_2 = [\Omega]t_2$        By transitivity of equality
$([\Omega]\sigma_1 = [\Omega]\sigma_2) = ([\Omega]t_1 = [\Omega]t_2)$        By congruence of equality
☞ $[\Omega](\sigma_1 = \sigma_2) = [\Omega](t_1 = t_2)$        By definition of substitution □

Lemma 86 (Soundness of Algorithmic Equivalence).

If $\Gamma \vdash A \equiv B \dashv \Delta$ where $\Delta \longrightarrow \Omega$ then $[\Omega]A = [\Omega]B$.

Proof. By induction on the given derivation.

• Case $\dfrac{}{\Gamma \vdash \alpha \equiv \alpha \dashv \Gamma}$ (≡Var)

☞ $[\Omega]\alpha = [\Omega]\alpha$        By reflexivity of equality

Proof of Lemma 86 (Soundness of Algorithmic Equivalence) lem:equiv-soundness
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• Cases ≡Exvar, ≡Unit: Similar to the ≡Var case.

• Case $\dfrac{\Gamma \vdash A_1 \equiv B_1 \dashv \Theta \qquad \Theta \vdash [\Theta]A_2 \equiv [\Theta]B_2 \dashv \Delta}{\Gamma \vdash A_1 \oplus A_2 \equiv B_1 \oplus B_2 \dashv \Delta}$ (≡⊕)

$\Delta \longrightarrow \Omega$        Given
$\Theta \vdash [\Theta]A_2 \equiv [\Theta]B_2 \dashv \Delta$        Subderivation
$\Theta \longrightarrow \Delta$        By Lemma 49 (Equivalence Extension)
$\Theta \longrightarrow \Omega$        By Lemma 33 (Extension Transitivity)
$\Gamma \vdash A_1 \equiv B_1 \dashv \Theta$        Subderivation
$[\Omega]A_1 = [\Omega]B_1$        By i.h.
$\Delta \longrightarrow \Omega$        Given
$[\Omega][\Theta]A_2 = [\Omega][\Theta]B_2$        By i.h.
$[\Omega]A_2 = [\Omega]B_2$        By Lemma 29 (Substitution Monotonicity)
☞ $([\Omega]A_1) \oplus ([\Omega]A_2) = ([\Omega]B_1) \oplus ([\Omega]B_2)$        By above equations

• Case $\dfrac{\Gamma, \alpha : \kappa \vdash A_0 \equiv B_0 \dashv \Delta, \alpha : \kappa, \Delta'}{\Gamma \vdash \forall\alpha : \kappa.\, A_0 \equiv \forall\alpha : \kappa.\, B_0 \dashv \Delta}$ (≡∀)

$\Gamma, \alpha : \kappa \vdash A_0 \equiv B_0 \dashv \Delta, \alpha : \kappa, \Delta'$        Subderivation
$\Delta \longrightarrow \Omega$        Given
$\Gamma, \alpha : \kappa, \cdot \longrightarrow \Delta, \alpha : \kappa, \Delta'$        By Lemma 49 (Equivalence Extension)
$\Delta'$ soft        Since · is soft
$\Delta, \alpha : \kappa, \Delta' \longrightarrow \Omega, \alpha : \kappa, \Omega_Z$        By Lemma 24 (Soft Extension)
$\Gamma, \alpha : \kappa \vdash A_0\ \mathrm{type}$        By validity on subderivation
$\Gamma, \alpha : \kappa \vdash B_0\ \mathrm{type}$        By validity on subderivation
$FV(A_0) \subseteq \mathrm{dom}(\Gamma, \alpha : \kappa)$        By well-typing of A₀
$FV(B_0) \subseteq \mathrm{dom}(\Gamma, \alpha : \kappa)$        By well-typing of B₀
$\Gamma, \alpha : \kappa \longrightarrow \Omega, \alpha : \kappa$        By ⟶Uvar
$FV(A_0) \subseteq \mathrm{dom}(\Omega, \alpha : \kappa)$        By Lemma 20 (Declaration Order Preservation)
$FV(B_0) \subseteq \mathrm{dom}(\Omega, \alpha : \kappa)$        By Lemma 20 (Declaration Order Preservation)
$[\Omega, \alpha : \kappa, \Omega_Z]A_0 = [\Omega, \alpha : \kappa]A_0$        By definition of substitution, since $FV(A_0) \cap \mathrm{dom}(\Omega_Z) = \emptyset$
$[\Omega, \alpha : \kappa, \Omega_Z]B_0 = [\Omega, \alpha : \kappa]B_0$        By definition of substitution, since $FV(B_0) \cap \mathrm{dom}(\Omega_Z) = \emptyset$
$[\Omega, \alpha : \kappa]A_0 = [\Omega, \alpha : \kappa]B_0$        By i.h. on the subderivation (with $\Omega, \alpha : \kappa, \Omega_Z$) and transitivity of equality
$[\Omega]A_0 = [\Omega]B_0$        From definition of substitution
$\forall\alpha : \kappa.\, [\Omega]A_0 = \forall\alpha : \kappa.\, [\Omega]B_0$        Adding quantifier to each side
☞ $[\Omega](\forall\alpha : \kappa.\, A_0) = [\Omega](\forall\alpha : \kappa.\, B_0)$        By definition of substitution

• Case $\dfrac{\Gamma \vdash P \equiv Q \dashv \Theta \qquad \Theta \vdash [\Theta]A_0 \equiv [\Theta]B_0 \dashv \Delta}{\Gamma \vdash P \supset A_0 \equiv Q \supset B_0 \dashv \Delta}$ (≡⊃)

$\Delta \longrightarrow \Omega$        Given
$\Theta \vdash [\Theta]A_0 \equiv [\Theta]B_0 \dashv \Delta$        Subderivation
$\Theta \longrightarrow \Delta$        By Lemma 49 (Equivalence Extension)
$\Theta \longrightarrow \Omega$        By Lemma 33 (Extension Transitivity)
$\Gamma \vdash P \equiv Q \dashv \Theta$        Subderivation
$[\Omega]P = [\Omega]Q$        By Lemma 85 (Soundness of Propositional Equivalence)
$\Theta \vdash [\Theta]A_0 \equiv [\Theta]B_0 \dashv \Delta$        Subderivation
$[\Omega][\Theta]A_0 = [\Omega][\Theta]B_0$        By i.h.
$[\Omega]A_0 = [\Omega]B_0$        By Lemma 29 (Substitution Monotonicity)
☞ $[\Omega](P \supset A_0) = [\Omega](Q \supset B_0)$        By definition of substitution

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• Case $\dfrac{\Gamma \vdash P \equiv Q \dashv \Theta \qquad \Theta \vdash [\Theta]A_0 \equiv [\Theta]B_0 \dashv \Delta}{\Gamma \vdash A_0 \wedge P \equiv B_0 \wedge Q \dashv \Delta}$ (≡∧)

Similar to the ≡⊃ case.

• Case $\dfrac{\Gamma[\hat\alpha] \vdash \hat\alpha := \tau : \star \dashv \Delta \qquad \hat\alpha \notin FV(\tau)}{\Gamma[\hat\alpha] \vdash \hat\alpha \equiv \tau \dashv \Delta}$ (≡InstantiateL)

$\Gamma[\hat\alpha] \vdash \hat\alpha := \tau : \star \dashv \Delta$        Subderivation
☞ $[\Omega]\hat\alpha = [\Omega]\tau$        By Lemma 83 (Soundness of Instantiation)

• Case ≡InstantiateR: Similar to the ≡InstantiateL case. □


K.2 Soundness of Checkprop

Lemma 87 (Soundness of Checkprop).

If $\Gamma \vdash P\ \mathrm{true} \dashv \Delta$ and $\Delta \longrightarrow \Omega$ then $\Psi \vdash [\Omega]P\ \mathrm{true}$.

Proof. By induction on the derivation of $\Gamma \vdash P\ \mathrm{true} \dashv \Delta$.

• Case $\dfrac{\Gamma \vdash \sigma \doteq t : \mathbb{N} \dashv \Delta}{\Gamma \vdash \sigma = t\ \mathrm{true} \dashv \Delta}$ (CheckpropEq)

$\Gamma \vdash \sigma \doteq t : \mathbb{N} \dashv \Delta$        Subderivation
$[\Omega]\sigma = [\Omega]t$        By Lemma 84 (Soundness of Checkeq)
$\Psi \vdash [\Omega]\sigma = [\Omega]t\ \mathrm{true}$        By DeclCheckpropEq
$\Psi \vdash [\Omega](\sigma = t)\ \mathrm{true}$        By def. of subst.
☞ $\Psi \vdash [\Omega]P\ \mathrm{true}$        By P = (σ = t) □


K.3 Soundness of Eliminations (Equality and Proposition)

Lemma 88 (Soundness of Equality Elimination).

If $[\Gamma]\sigma = \sigma$ and $[\Gamma]t = t$ and $\Gamma \vdash \sigma : \kappa$ and $\Gamma \vdash t : \kappa$ and $FEV(\sigma) \cup FEV(t) = \emptyset$, then:

(1) If $\Gamma / \sigma \doteq t : \kappa \dashv \Delta$ then $\Delta = (\Gamma, \Theta)$ where $\Theta = (\alpha_1 = t_1, \ldots, \alpha_n = t_n)$ and for all Ω such that $\Gamma \longrightarrow \Omega$ and all t′ such that $\Omega \vdash t' : \kappa'$, it is the case that $[\Omega, \Theta]t' = [\Omega][\theta]t'$, where $\theta = \mathrm{mgu}(\sigma, t)$.

(2) If $\Gamma / \sigma \doteq t : \kappa \dashv \bot$ then $\mathrm{mgu}(\sigma, t) = \bot$ (that is, no most general unifier exists).

Proof. First, we need to recall a few properties of term unification.

(i) If σ is a term, then mgu(σ, σ) = id.

(ii) If f is a unary constructor, then mgu(f(σ), f(t)) = mgu(σ, t), supposing that mgu(σ, t) exists.

(iii) If f is a binary constructor, and $\theta = \mathrm{mgu}(f(\sigma_1, \sigma_2), f(t_1, t_2))$ and $\theta_1 = \mathrm{mgu}(\sigma_1, t_1)$ and $\theta_2 = \mathrm{mgu}([\theta_1]\sigma_2, [\theta_1]t_2)$, then $\theta = \theta_2 \circ \theta_1 = \theta_1 \circ \theta_2$.

(iv) If $\alpha \notin FV(t)$, then $\mathrm{mgu}(\alpha, t) = (\alpha = t)$.

(v) If f is an n-ary constructor, and $\sigma_i$ and $t_i$ (for some $i \leq n$) have no unifier, then $f(\sigma_1, \ldots, \sigma_n)$ and $f(t_1, \ldots, t_n)$ have no unifier.

We proceed by induction on the derivation of $\Gamma / \sigma \doteq t : \kappa \dashv \Delta^{\perp}$, proving both parts with a single induction.

Proof of Lemma 88 (Soundness of Equality Elimination) lem:elimeq-soundness


• Case $\dfrac{}{\Gamma / \alpha \doteq \alpha : \kappa \dashv \Gamma}$ (ElimeqUvarRefl)

Here we have Δ = Γ, so we are in part (1).

Let θ = id (which is mgu(α, α)).

We can easily show $[\mathrm{id}][\Omega]\alpha = [\Omega]\alpha = [\Omega, \cdot]\alpha$.

• Case $\dfrac{}{\Gamma / \mathrm{zero} \doteq \mathrm{zero} : \mathbb{N} \dashv \Gamma}$ (ElimeqZero)

Similar to the ElimeqUvarRefl case.

• Case $\dfrac{\Gamma / t_1 \doteq t_2 : \mathbb{N} \dashv \Delta^{\perp}}{\Gamma / \mathrm{succ}(t_1) \doteq \mathrm{succ}(t_2) : \mathbb{N} \dashv \Delta^{\perp}}$ (ElimeqSucc)

We distinguish two subcases:

– Case $\Delta^{\perp} = \Delta$:

Since we have the same output context in the conclusion and premise, the "for all t′ …" part follows immediately from the i.h. (1).

The i.h. also gives us $\theta_0 = \mathrm{mgu}(t_1, t_2)$.

Let $\theta = \theta_0$. By property (ii), $\mathrm{mgu}(t_1, t_2) = \mathrm{mgu}(\mathrm{succ}(t_1), \mathrm{succ}(t_2)) = \theta$.

– Case $\Delta^{\perp} = \bot$:

$\Gamma / t_1 \doteq t_2 : \mathbb{N} \dashv \bot$        Subderivation
$\mathrm{mgu}(t_1, t_2) = \bot$        By i.h. (2)
$\mathrm{mgu}(\mathrm{succ}(t_1), \mathrm{succ}(t_2)) = \bot$        By contrapositive of property (ii)

• Case $\dfrac{\alpha \notin FV(t) \qquad (\alpha = -) \notin \Gamma}{\Gamma / \alpha \doteq t : \kappa \dashv \Gamma, \alpha = t}$ (ElimeqUvarL)

Here $\Delta \neq \bot$, so we are in part (1).

$[\Omega, \alpha = t]t' = [[\Omega]t/\alpha][\Omega]t'$        By a property of substitution
$\phantom{[\Omega, \alpha = t]t'} = [\Omega][t/\alpha][\Omega]t'$        By a property of substitution
$\phantom{[\Omega, \alpha = t]t'} = [\Omega][\theta][\Omega]t'$        By mgu(α, t) = (α = t) (property (iv))
☞ $\phantom{[\Omega, \alpha = t]t'} = [\Omega][\theta]t'$        By a property of substitution (θ creates no evars)

• Case $\dfrac{\alpha \notin FV(t) \qquad (\alpha = -) \notin \Gamma}{\Gamma / t \doteq \alpha : \kappa \dashv \Gamma, \alpha = t}$ (ElimeqUvarR)

Similar to the ElimeqUvarL case.

• Case $\dfrac{}{\Gamma / 1 \doteq 1 : \star \dashv \Gamma}$ (ElimeqUnit)

Similar to the ElimeqUvarRefl case.

• Case $\dfrac{\Gamma / \tau_1 \doteq \tau_1' : \star \dashv \Theta \qquad \Theta / [\Theta]\tau_2 \doteq [\Theta]\tau_2' : \star \dashv \Delta^{\perp}}{\Gamma / \tau_1 \oplus \tau_2 \doteq \tau_1' \oplus \tau_2' : \star \dashv \Delta^{\perp}}$ (ElimeqBin)

Either $\Delta^{\perp}$ is some Δ, or it is ⊥.

– Case $\Delta^{\perp} = \Delta$:

$\Gamma / \tau_1 \doteq \tau_1' : \star \dashv \Theta$        Subderivation
$\Theta = (\Gamma, \Delta_1)$        By i.h. (1)
(IH-1st) $[\Omega, \Delta_1]u_1 = [\theta_1][\Omega]u_1$        ″ for all $\Omega \vdash u_1 : \kappa'$
$\theta_1 = \mathrm{mgu}(\tau_1, \tau_1')$        ″

$\Theta / [\Theta]\tau_2 \doteq [\Theta]\tau_2' : \star \dashv \Delta$        Subderivation
$\Delta = (\Theta, \Delta_2)$        By i.h. (1)
(IH-2nd) $[\Omega, \Delta_1, \Delta_2]u_2 = [\theta_2][\Omega, \Delta_1]u_2$        ″ for all $\Omega \vdash u_2 : \kappa'$
$\theta_2 = \mathrm{mgu}(\tau_2, \tau_2')$        ″

Suppose $\Omega \vdash u : \kappa'$.

$[\Omega, \Delta_1, \Delta_2]u = [\theta_2][\Omega, \Delta_1]u$        By (IH-2nd), with $u_2 = u$
$\phantom{[\Omega, \Delta_1, \Delta_2]u} = [\theta_2][\theta_1][\Omega]u$        By (IH-1st), with $u_1 = u$
☞ $\phantom{[\Omega, \Delta_1, \Delta_2]u} = [\Omega][\theta_2 \circ \theta_1]u$        By a property of substitution

☞ $\theta_2 \circ \theta_1 = \mathrm{mgu}((\tau_1 \oplus \tau_2), (\tau_1' \oplus \tau_2'))$        By property (iii) of unification

– Case $\Delta^{\perp} = \bot$:

Use the i.h. (2) on the second premise to show $\mathrm{mgu}(\tau_2, \tau_2') = \bot$, then use property (v) of unification to show $\mathrm{mgu}((\tau_1 \oplus \tau_2), (\tau_1' \oplus \tau_2')) = \bot$.

• Case $\dfrac{\Gamma / \tau_1 \doteq \tau_1' : \star \dashv \bot}{\Gamma / \tau_1 \oplus \tau_2 \doteq \tau_1' \oplus \tau_2' : \star \dashv \bot}$ (ElimeqBinBot)

Similar to the ⊥ subcase for ElimeqSucc but using property (v) instead of property (ii).

• Case $\dfrac{\sigma \mathrel{\#} t}{\Gamma / \sigma \doteq t : \kappa \dashv \bot}$ (ElimeqClash)

Since σ # t, we know σ and t have different head constructors, and thus no unifier. □
Theorem 6 (Soundness of Algorithmic Subtyping).
If $[\Gamma]A = A$ and $[\Gamma]B = B$ and $\Gamma \vdash A\ \mathrm{type}$ and $\Gamma \vdash B\ \mathrm{type}$ and $\Delta \longrightarrow \Omega$ and $\Gamma \vdash A <:^{\pm} B \dashv \Delta$ then $[\Omega]\Delta \vdash [\Omega]A \le^{\pm} [\Omega]B$.

Proof. By induction on the given derivation.

• Case <:∀L:
    $B$ not headed by $\forall$    $\Gamma, \blacktriangleright_{\hat\alpha}, \hat\alpha : \kappa \vdash [\hat\alpha/\alpha]A_0 <:^{-} B \dashv \Delta, \blacktriangleright_{\hat\alpha}, \Theta$
    ------------------------------------------------------------
    $\Gamma \vdash \forall\alpha : \kappa.\, A_0 <:^{-} B \dashv \Delta$

  Let $\Omega' = (\Omega, \blacktriangleright_{\hat\alpha}, |\Theta|)$.

    $\Gamma, \blacktriangleright_{\hat\alpha}, \hat\alpha : \kappa \vdash [\hat\alpha/\alpha]A_0 <:^{-} B \dashv \Delta, \blacktriangleright_{\hat\alpha}, \Theta$    Subderivation
    $\Delta \longrightarrow \Omega$    Given
    $(\Delta, \blacktriangleright_{\hat\alpha}, \Theta) \longrightarrow \Omega'$    By Lemma 25 (Filling Completes)
    $\Gamma \vdash \forall\alpha : \kappa.\, A_0\ \mathrm{type}$    Given
    $\Gamma, \alpha : \kappa \vdash A_0\ \mathrm{type}$    By inversion (ForallWF)
    $\Gamma, \blacktriangleright_{\hat\alpha}, \hat\alpha : \kappa \vdash [\hat\alpha/\alpha]A_0\ \mathrm{type}$    By a property of substitution
    $\Gamma \vdash B\ \mathrm{type}$    Given
    $[\Omega'](\Delta, \blacktriangleright_{\hat\alpha}, \Theta) \vdash [\Omega'][\hat\alpha/\alpha]A_0 \le^{-} [\Omega']B$    By i.h.
    $\Omega' \vdash B\ \mathrm{type}$    By Lemma 36 (Extension Weakening (Sorts))
    $[\Omega']B = [\Omega]B$    By Lemma 17 (Substitution Stability)
    $[\Omega'](\Delta, \blacktriangleright_{\hat\alpha}, \Theta) \vdash [\Omega'][\hat\alpha/\alpha]A_0 \le^{-} [\Omega]B$    By above equality
    $[\Omega'](\Delta, \blacktriangleright_{\hat\alpha}, \Theta) \vdash [[\Omega']\hat\alpha/\alpha][\Omega']A_0 \le^{-} [\Omega]B$    By distributivity of substitution
    $\Gamma, \blacktriangleright_{\hat\alpha}, \hat\alpha : \kappa \vdash \hat\alpha : \k  appa$    By VarSort
    $\Gamma, \blacktriangleright_{\hat\alpha}, \hat\alpha : \kappa \longrightarrow \Delta, \blacktriangleright_{\hat\alpha}, \Theta$    By Lemma 50 (Subtyping Extension)
    $\Theta$ is soft    By Lemma 22 (Extension Inversion) (ii)
    $\Delta, \blacktriangleright_{\hat\alpha}, \Theta \vdash \hat\alpha : \kappa$    By Lemma 36 (Extension Weakening (Sorts))
    $(\Delta, \blacktriangleright_{\hat\alpha}, \Theta) \longrightarrow \Omega'$    Above
    $[\Omega']\Omega' \vdash [\Omega']\hat\alpha : \kappa$    By Lemma 14 (Substitution for Sorting)
    $[\Omega'](\Delta, \blacktriangleright_{\hat\alpha}, \Theta) \vdash [\Omega']\hat\alpha : \kappa$    By Lemma 54 (Completing Stability)
    $[\Omega'](\Delta, \blacktriangleright_{\hat\alpha}, \Theta) \vdash \forall\alpha : \kappa.\, [\Omega']A_0 \le^{-} [\Omega]B$    By ≤∀L
    $[\Omega'](\Delta, \blacktriangleright_{\hat\alpha}, \Theta) \vdash \forall\alpha : \kappa.\, [\Omega, \alpha : \kappa]A_0 \le^{-} [\Omega]B$    By Lemma 17 (Substitution Stability)
    $[\Omega]\Delta \vdash \forall\alpha : \kappa.\, [\Omega, \alpha : \kappa]A_0 \le^{-} [\Omega]B$    By Lemma 52 (Context Partitioning) + thinning
    $[\Omega]\Delta \vdash \forall\alpha : \kappa.\, [\Omega]A_0 \le^{-} [\Omega]B$    By def. of substitution
  ☞ $[\Omega]\Delta \vdash [\Omega](\forall\alpha : \kappa.\, A_0) \le^{-} [\Omega]B$    By def. of substitution

• Case <:∃R: Similar to the <:∀L case.

• Case <:∀R:
    $\Gamma, \beta : \kappa \vdash A <:^{-} B_0 \dashv \Delta, \beta : \kappa, \Theta$
    ------------------------------------------------------------
    $\Gamma \vdash A <:^{-} \forall\beta : \kappa.\, B_0 \dashv \Delta$

    $\Gamma, \beta : \kappa \vdash A <:^{-} B_0 \dashv \Delta, \beta : \kappa, \Theta$    Subderivation

  Let $\Omega_Z = |\Theta|$.
  Let $\Omega' = (\Omega, \beta : \kappa, \Omega_Z)$.

    $(\Delta, \beta : \kappa, \Theta) \longrightarrow \Omega'$    By Lemma 25 (Filling Completes)
    $\Gamma \vdash A\ \mathrm{type}$    Given
    $\Gamma, \beta : \kappa \vdash A\ \mathrm{type}$    By Lemma 35 (Suffix Weakening)
    $\Gamma \vdash \forall\beta : \kappa.\, B_0\ \mathrm{type}$    Given
    $\Gamma, \beta : \kappa \vdash B_0\ \mathrm{type}$    By inversion (ForallWF)
    $[\Omega'](\Delta, \beta : \kappa, \Theta) \vdash [\Omega']A \le^{-} [\Omega']B_0$    By i.h.
    $\Gamma, \beta : \kappa \longrightarrow \Delta, \beta : \kappa, \Theta$    By Lemma 50 (Subtyping Extension)
    $\Theta$ is soft    By Lemma 22 (Extension Inversion) (i)
    $[\Omega, \beta : \kappa](\Delta, \beta : \kappa) \vdash [\Omega, \beta : \kappa]A \le^{-} [\Omega, \beta : \kappa]B_0$    By Lemma 17 (Substitution Stability)
    $[\Omega, \beta : \kappa](\Delta, \beta : \kappa) \vdash [\Omega]A \le^{-} [\Omega]B_0$    By def. of substitution
    $[\Omega]\Delta \vdash [\Omega]A \le^{-} \forall\beta : \kappa.\, [\Omega]B_0$    By ≤∀R
  ☞ $[\Omega]\Delta \vdash [\Omega]A \le^{-} [\Omega](\forall\beta : \kappa.\, B_0)$    By def. of substitution

• Case <:∃L: Similar to the <:∀R case.

• Case <:Equiv:
    $\Gamma \vdash A \equiv B \dashv \Delta$
    ------------------------------------------------------------
    $\Gamma \vdash A <:^{\pm} B \dashv \Delta$

    $\Gamma \vdash A \equiv B \dashv \Delta$    Subderivation
    $\Delta \longrightarrow \Omega$    Given
    $[\Omega]A = [\Omega]B$    By Lemma 86 (Soundness of Algorithmic Equivalence)
    $\Gamma \longrightarrow \Omega$    By Lemma 49 (Equivalence Extension)
    $\Gamma \vdash A\ \mathrm{type}$    Given
    $[\Omega]\Omega \vdash [\Omega]A\ \mathrm{type}$    By Lemma 16 (Substitution for Type Well-Formedness)
    $[\Omega]\Delta \vdash [\Omega]A\ \mathrm{type}$    By Lemma 54 (Completing Stability)
  ☞ $[\Omega]\Delta \vdash [\Omega]A \le^{\pm} [\Omega]B$    By ≤Refl±

• Case <:⁻L:
    $\Gamma \vdash A <:^{-} B \dashv \Delta$    $\mathrm{neg}(A)$    $\mathrm{nonpos}(B)$
    ------------------------------------------------------------
    $\Gamma \vdash A <:^{+} B \dashv \Delta$

    $\Gamma \vdash A <:^{-} B \dashv \Delta$    By inversion
    $\mathrm{neg}(A)$    By inversion
    $\mathrm{nonpos}(B)$    By inversion
    $\mathrm{nonpos}(A)$    Since $\mathrm{neg}(A)$
    $[\Omega]\Delta \vdash [\Omega]A \le^{-} [\Omega]B$    By induction
  ☞ $[\Omega]\Delta \vdash [\Omega]A \le^{+} [\Omega]B$    By ≤⁻L

• Case <:⁻R:
    $\Gamma \vdash A <:^{-} B \dashv \Delta$    $\mathrm{nonpos}(A)$    $\mathrm{neg}(B)$
    ------------------------------------------------------------
    $\Gamma \vdash A <:^{+} B \dashv \Delta$

  Similar to the <:⁻L case.

• Case <:⁺L:
    $\Gamma \vdash A <:^{+} B \dashv \Delta$    $\mathrm{pos}(A)$    $\mathrm{nonneg}(B)$
    ------------------------------------------------------------
    $\Gamma \vdash A <:^{-} B \dashv \Delta$

  Similar to the <:⁻L case.

• Case <:⁺R:
    $\Gamma \vdash A <:^{+} B \dashv \Delta$    $\mathrm{nonneg}(A)$    $\mathrm{pos}(B)$
    ------------------------------------------------------------
    $\Gamma \vdash A <:^{-} B \dashv \Delta$

  Similar to the <:⁺L case.

□


K'.4 Soundness of Typing

Theorem 7 (Soundness of Match Coverage).

1. If $\Gamma \vdash \Pi\ \mathrm{covers}\ \vec{A}$ and $\Gamma \longrightarrow \Omega$ and $\Gamma \vdash \vec{A}\ !\ \mathrm{types}$ and $[\Gamma]\vec{A} = \vec{A}$ then $[\Omega]\Gamma \vdash \Pi\ \mathrm{covers}\ \vec{A}$.

2. If $\Gamma / P \vdash \Pi\ \mathrm{covers}\ \vec{A}$ and $\Gamma \longrightarrow \Omega$ and $\Gamma \vdash \vec{A}\ !\ \mathrm{types}$ and $[\Gamma]\vec{A} = \vec{A}$ and $[\Gamma]P = P$ then $[\Omega]\Gamma / P \vdash \Pi\ \mathrm{covers}\ \vec{A}$.

Proof. By mutual induction on the given algorithmic coverage derivation.

1.

• Case CoversEmpty:
    $\Gamma \vdash (\cdot \Rightarrow e_1 \mid\mid \ldots)\ \mathrm{covers}\ \cdot$

  ☞ $[\Omega]\Gamma \vdash (\cdot \Rightarrow e_1 \mid\mid \ldots)\ \mathrm{covers}\ \cdot$    By DeclCoversEmpty

• Cases CoversVar, Covers1, Covers×, Covers+, Covers∃, Covers∧, CoversVec:
  Use the i.h. and apply the corresponding declarative rule.

2.

• Case CoversEq:
    $\Gamma / [\Gamma]t_1 = [\Gamma]t_2 : \kappa \dashv \Delta$    $\Delta \vdash [\Delta]\Pi\ \mathrm{covers}\ [\Delta]\vec{A}$
    ------------------------------------------------------------
    $\Gamma / t_1 = t_2 \vdash \Pi\ \mathrm{covers}\ \vec{A}$

    $\Gamma / [\Gamma]t_1 = [\Gamma]t_2 : \kappa \dashv \Delta$    Subderivation
    $\Delta \vdash [\Delta]\Pi\ \mathrm{covers}\ [\Delta]\vec{A}$    Subderivation
    $[\Omega]\Delta \vdash [\Delta]\Pi\ \mathrm{covers}\ [\Delta]\vec{A}$    By i.h.
    $\Delta = (\Gamma, \Theta)$    By Lemma 88 (Soundness of Equality Elimination) (1)
    $\mathrm{mgu}(t_1, t_2) = \theta$    ″
    $[\Omega]\Delta = [\theta][\Omega]\Gamma$    By Lemma 93 (Substitution Upgrade) (iii)
    $[\Delta]\Pi = [\theta]\Pi$    By Lemma 93 (Substitution Upgrade) (iv)
    $[\Delta]\vec{A} = [\theta]\vec{A}$    By Lemma 93 (Substitution Upgrade) (i)
    $[\theta][\Omega]\Gamma \vdash [\theta]\Pi\ \mathrm{covers}\ [\theta]\vec{A}$    By above equalities
  ☞ $[\Omega]\Gamma / t_1 = t_2 \vdash \Pi\ \mathrm{covers}\ \vec{A}$    By DeclCoversEq

• Case CoversEqBot:
    $\Gamma / [\Gamma]t_1 = [\Gamma]t_2 : \kappa \dashv \bot$
    ------------------------------------------------------------
    $\Gamma / t_1 = t_2 \vdash \Pi\ \mathrm{covers}\ \vec{A}$

    $\Gamma / [\Gamma]t_1 = [\Gamma]t_2 : \kappa \dashv \bot$    Subderivation
    $\mathrm{mgu}([\Gamma]t_1, [\Gamma]t_2) = \bot$    By Lemma 88 (Soundness of Equality Elimination) (2)
    $\mathrm{mgu}(t_1, t_2) = \bot$    By given equality
  ☞ $[\Omega]\Gamma / t_1 = t_2 \vdash \Pi\ \mathrm{covers}\ \vec{A}$    By DeclCoversEqBot

□
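Worked example, added here and not part of the paper: a small Python implementation of the unification that the Elimeq rules perform (a first-order mgu over the index language with the occurs check of ElimeqUvarL/R, the succ congruence of property (ii), the ⊕ congruence of properties (iii) and (v), and the clash case of ElimeqClash), together with the coverage decision that Theorem 7 justifies for Vec patterns: a branch whose index equation has no unifier (CoversEqBot) is unreachable and need not be written, which is why head from the introduction may omit its [] clause. The term constructors, the tag on Bin, the fresh-variable helper and the sample inputs are this example's own assumptions, not definitions from the paper.

```python
"""Index-term unification and Vec coverage, as an illustration of
Lemma 88 and Theorem 7. Constructor names, the `tag` on Bin and the
helper `fresh` are assumptions of this example, not the paper's."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Dict, Optional, Union

# --- index terms: t ::= alpha | zero | succ(t) | 1 | t1 (+) t2 ----------
@dataclass(frozen=True)
class Var:          # universally quantified index variable, unifiable
    name: str
@dataclass(frozen=True)
class Zero: pass
@dataclass(frozen=True)
class Succ:
    arg: "Term"
@dataclass(frozen=True)
class Unit: pass
@dataclass(frozen=True)
class Bin:          # binary type constructor; tag distinguishes ->, x, +
    tag: str
    left: "Term"
    right: "Term"

Term = Union[Var, Zero, Succ, Unit, Bin]
Subst = Dict[str, Term]   # theta; None below plays the paper's bottom

def apply(theta: Subst, t: Term) -> Term:
    """[theta]t: apply the substitution, chasing chained bindings."""
    if isinstance(t, Var):
        return apply(theta, theta[t.name]) if t.name in theta else t
    if isinstance(t, Succ):
        return Succ(apply(theta, t.arg))
    if isinstance(t, Bin):
        return Bin(t.tag, apply(theta, t.left), apply(theta, t.right))
    return t

def free_vars(t: Term) -> set:
    if isinstance(t, Var):
        return {t.name}
    if isinstance(t, Succ):
        return free_vars(t.arg)
    if isinstance(t, Bin):
        return free_vars(t.left) | free_vars(t.right)
    return set()

def mgu(s: Term, t: Term, theta: Optional[Subst] = None) -> Optional[Subst]:
    """Most general unifier of s and t, or None (bottom).
    The cases mirror the Elimeq rules; the second Bin premise is
    unified under the substitution produced by the first, as in
    ElimeqBin where it reads [Theta]tau2 = [Theta]tau2'."""
    theta = {} if theta is None else theta
    s, t = apply(theta, s), apply(theta, t)
    if s == t:                                        # ElimeqUvarRefl / Zero / Unit
        return theta
    if isinstance(s, Var) or isinstance(t, Var):       # ElimeqUvarL / ElimeqUvarR
        v, other = (s, t) if isinstance(s, Var) else (t, s)
        if v.name in free_vars(other):                 # occurs check: alpha notin FV(t)
            return None
        return {**theta, v.name: other}
    if isinstance(s, Succ) and isinstance(t, Succ):    # ElimeqSucc, property (ii)
        return mgu(s.arg, t.arg, theta)
    if isinstance(s, Bin) and isinstance(t, Bin) and s.tag == t.tag:
        theta1 = mgu(s.left, t.left, theta)            # ElimeqBin, first premise
        if theta1 is None:                             # ElimeqBinBot, property (v)
            return None
        return mgu(s.right, t.right, theta1)           # second premise, property (iii)
    return None                                        # ElimeqClash: different heads

# --- coverage of Vec patterns (CoversVec with CoversEq / CoversEqBot) ---
def fresh(base: str, avoid: set) -> Var:
    i = 0
    while f"{base}{i}" in avoid:
        i += 1
    return Var(f"{base}{i}")

def vec_branches_required(index: Term) -> Dict[str, bool]:
    """For a scrutinee of type Vec index A: the nil branch is needed only
    if index = zero has a unifier, the cons branch only if
    index = succ(n') has one (n' fresh). A branch whose equation has no
    unifier is unreachable and may be omitted (CoversEqBot)."""
    n = fresh("n", free_vars(index))
    return {
        "nil": mgu(index, Zero()) is not None,
        "cons": mgu(index, Succ(n)) is not None,
    }

def covers(patterns: list, index: Term) -> bool:
    """True iff the listed constructor patterns cover every reachable case."""
    need = vec_branches_required(index)
    return all(ctor in patterns for ctor, required in need.items() if required)

if __name__ == "__main__":
    # constructed sample: head : forall n. Vec (succ n) A -> A, with only a cons clause
    print(vec_branches_required(Succ(Var("n"))))   # {'nil': False, 'cons': True}
    print(covers(["cons"], Succ(Var("n"))))        # True: the [] clause is unreachable
    print(covers(["cons"], Var("n")))              # False: nil is reachable for a bare n
```

The `covers` check is exactly the reasoning of the introduction: for an argument of type Vec (succ n) A the equation succ(n) = zero has no unifier, so the nil branch cannot occur; for a bare index variable n both equations unify and both branches are required. The occurs check in the variable case is what keeps ElimeqUvarL sound for cyclic equations such as n = succ(n).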


Lemma 89 (Well-formedness of Algorithmic Typing).
Given $\Gamma\ \mathrm{ctx}$:

(i) If $\Gamma \vdash e \Rightarrow A\ p \dashv \Delta$ then $\Delta \vdash A\ p\ \mathrm{type}$.

(ii) If $\Gamma \vdash s : A\ p \gg B\ q \dashv \Delta$ and $\Gamma \vdash A\ p\ \mathrm{type}$ then $\Delta \vdash B\ q\ \mathrm{type}$.

Proof. 1. Suppose $\Gamma \vdash e \Rightarrow A\ p \dashv \Delta$:

• Case Var:
    $(x : A\ p) \in \Gamma$
    ------------------------------------------------------------
    $\Gamma \vdash x \Rightarrow [\Gamma]A\ p \dashv \Gamma$

    $\Gamma = (\Gamma_0, x : A\ p, \Gamma_1)$    Since $(x : A\ p) \in \Gamma$
    $\Gamma \vdash A\ p\ \mathrm{type}$    Follows from $\Gamma\ \mathrm{ctx}$

• Case Anno:
    $\Gamma \vdash A\ !\ \mathrm{type}$    $\Gamma \vdash e \Leftarrow [\Gamma]A\ ! \dashv \Delta$
    ------------------------------------------------------------
    $\Gamma \vdash (e : A) \Rightarrow [\Delta]A\ ! \dashv \Delta$

    $\Gamma \vdash A\ !\ \mathrm{type}$    By inversion
    $\Gamma \longrightarrow \Delta$    By Lemma 51 (Typing Extension)
    $\Delta \vdash A\ !\ \mathrm{type}$    By Lemma 41 (Extension Weakening for Principal Typing)
    $\Delta \vdash [\Delta]A\ !\ \mathrm{type}$    By Lemma 39 (Principal Agreement) (i)

• Case →E:
    $\Gamma \vdash e \Rightarrow A\ p \dashv \Theta$    $\Theta \vdash s : [\Theta]A\ p \gg C\ q \dashv \Delta$    $(p = \not!\ \text{or}\ q = !)\ \text{or}\ \mathrm{FEV}([\Delta]C) \neq \emptyset$
    ------------------------------------------------------------
    $\Gamma \vdash e\, s \Rightarrow C\ q \dashv \Delta$

    $\Gamma \vdash e \Rightarrow A\ p \dashv \Theta$    By inversion
    $\Theta \vdash A\ p\ \mathrm{type}$    By induction
    $\Theta \vdash [\Theta]A\ p\ \mathrm{type}$    By Lemma 40 (Right-Hand Subst. for Principal Typing)
    $\Theta\ \mathrm{ctx}$    By implicit assumption
    $\Theta \vdash s : [\Theta]A\ p \gg C\ q \dashv \Delta$    By inversion
  ☞ $\Delta \vdash C\ q\ \mathrm{type}$    By mutual induction

• Case →E-!:
    $\Gamma \vdash e \Rightarrow A\ ! \dashv \Theta$    $\Theta \vdash s : [\Theta]A\ ! \gg C\ \not! \dashv \Delta$    $\mathrm{FEV}([\Delta]C) = \emptyset$
    ------------------------------------------------------------
    $\Gamma \vdash e\, s \Rightarrow C\ ! \dashv \Delta$

    $\Gamma \vdash e \Rightarrow A\ ! \dashv \Theta$    By inversion
    $\Theta \vdash A\ !\ \mathrm{type}$    By induction
    $\Theta \vdash [\Theta]A\ !\ \mathrm{type}$    By Lemma 40 (Right-Hand Subst. for Principal Typing)
    $\Theta\ \mathrm{ctx}$    By implicit assumption
    $\Theta \vdash s : [\Theta]A\ ! \gg C\ \not! \dashv \Delta$    By inversion
    $\Delta \vdash C\ \not!\ \mathrm{type}$    By mutual induction
    $\mathrm{FEV}([\Delta]C) = \emptyset$    By inversion
  ☞ $\Delta \vdash C\ !\ \mathrm{type}$    By PrincipalWF

2. Suppose $\Gamma \vdash s : A\ p \gg B\ q \dashv \Delta$ and $\Gamma \vdash A\ p\ \mathrm{type}$:

• Case EmptySpine:
    $\Gamma \vdash \cdot : A\ p \gg A\ p \dashv \Gamma$

  ☞ $\Gamma \vdash A\ p\ \mathrm{type}$    Given

• Case →Spine:
    $\Gamma \vdash e \Leftarrow A\ p \dashv \Theta$    $\Theta \vdash s : [\Theta]B\ p \gg C\ q \dashv \Delta$
    ------------------------------------------------------------
    $\Gamma \vdash e\, s : A \to B\ p \gg C\ q \dashv \Delta$

    $\Gamma \vdash A \to B\ p\ \mathrm{type}$    Given
    $\Gamma \vdash B\ p\ \mathrm{type}$    By Lemma 42 (Inversion of Principal Typing)
    $\Theta \vdash B\ p\ \mathrm{type}$    By Lemma 41 (Extension Weakening for Principal Typing)
    $\Theta \vdash [\Theta]B\ p\ \mathrm{type}$    By Lemma 40 (Right-Hand Subst. for Principal Typing)
  ☞ $\Delta \vdash C\ q\ \mathrm{type}$    By induction

• Case ∀Spine:
    $\Gamma, \hat\alpha : \kappa \vdash e\, s : [\hat\alpha/\alpha]A\ p \gg C\ q \dashv \Delta$
    ------------------------------------------------------------
    $\Gamma \vdash e\, s : \forall\alpha : \kappa.\, A\ p \gg C\ q \dashv \Delta$

    $\Gamma \vdash \forall\alpha : \kappa.\, A\ p\ \mathrm{type}$    Given
    $\Gamma \vdash \forall\alpha : \kappa.\, A\ \mathrm{type}$    By inversion
    $\Gamma, \alpha : \kappa \vdash A\ \mathrm{type}$    By inversion
    $\Gamma, \hat\alpha : \kappa, \alpha : \kappa \vdash A\ \mathrm{type}$    By weakening
    $\Gamma, \hat\alpha : \kappa \vdash [\hat\alpha/\alpha]A\ \mathrm{type}$    By substitution
  ☞ $\Delta \vdash C\ q\ \mathrm{type}$    By induction

• Case ⊃Spine:
    $\Gamma \vdash P\ \mathrm{true} \dashv \Theta$    $\Theta \vdash e\, s : [\Theta]A\ p \gg C\ q \dashv \Delta$
    ------------------------------------------------------------
    $\Gamma \vdash e\, s : P \supset A\ p \gg C\ q \dashv \Delta$

    $\Gamma \vdash P \supset A\ p\ \mathrm{type}$    Given
    $\Gamma \vdash P\ \mathrm{prop}$    By Lemma 42 (Inversion of Principal Typing)
    $\Gamma \vdash A\ p\ \mathrm{type}$    ″
    $\Gamma \longrightarrow \Theta$    By Lemma 47 (Checkprop Extension)
    $\Theta \vdash A\ p\ \mathrm{type}$    By Lemma 41 (Extension Weakening for Principal Typing)
    $\Theta \vdash [\Theta]A\ p\ \mathrm{type}$    By Lemma 40 (Right-Hand Subst. for Principal Typing)
  ☞ $\Delta \vdash C\ q\ \mathrm{type}$    By induction

• Case α̂Spine:
    $\Gamma[\hat\alpha_2 : \star, \hat\alpha_1 : \star, \hat\alpha : \star = \hat\alpha_1 \to \hat\alpha_2] \vdash e\, s : (\hat\alpha_1 \to \hat\alpha_2)\ \not! \gg C\ \not! \dashv \Delta$
    ------------------------------------------------------------
    $\Gamma[\hat\alpha : \star] \vdash e\, s : \hat\alpha\ \not! \gg C\ \not! \dashv \Delta$

    $\Gamma[\hat\alpha_2 : \star, \hat\alpha_1 : \star, \hat\alpha : \star = \hat\alpha_1 \to \hat\alpha_2] \vdash \hat\alpha_1 \to \hat\alpha_2\ \mathrm{type}$    By rules
  ☞ $\Delta \vdash C\ \not!\ \mathrm{type}$    By induction


Theorem 8 (Soundness of Algorithmic Typing).

Given $\Delta \longrightarrow \Omega$:

(i) If $\Gamma \vdash e \Leftarrow A\ p \dashv \Delta$ and $\Gamma \vdash A\ p\ \mathrm{type}$ then $[\Omega]\Delta \vdash [\Omega]e \Leftarrow [\Omega]A\ p$.

(ii) If $\Gamma \vdash e \Rightarrow A\ p \dashv \Delta$ then $[\Omega]\Delta \vdash [\Omega]e \Rightarrow [\Omega]A\ p$.

(iii) If $\Gamma \vdash s : A\ p \gg B\ q \dashv \Delta$ and $\Gamma \vdash A\ p\ \mathrm{type}$ then $[\Omega]\Delta \vdash [\Omega]s : [\Omega]A\ p \gg [\Omega]B\ q$.

(iv) If $\Gamma \vdash s : A\ p \gg B\ \lceil q \rceil \dashv \Delta$ and $\Gamma \vdash A\ p\ \mathrm{type}$ then $[\Omega]\Delta \vdash [\Omega]s : [\Omega]A\ p \gg [\Omega]B\ \lceil q \rceil$.

(v) If $\Gamma \vdash \Pi :: \vec{A} \Leftarrow C\ p \dashv \Delta$ and $\Gamma \vdash \vec{A}\ !\ \mathrm{types}$ and $[\Gamma]\vec{A} = \vec{A}$ and $\Gamma \vdash C\ p\ \mathrm{type}$ then $[\Omega]\Delta \vdash [\Omega]\Pi :: [\Omega]\vec{A} \Leftarrow [\Omega]C\ p$.

(vi) If $\Gamma / P \vdash \Pi :: \vec{A} \Leftarrow C\ p \dashv \Delta$ and $\Gamma \vdash P\ \mathrm{prop}$ and $\mathrm{FEV}(P) = \emptyset$ and $[\Gamma]P = P$ and $\Gamma \vdash \vec{A}\ !\ \mathrm{types}$ and $\Gamma \vdash C\ p\ \mathrm{type}$ then $[\Omega]\Delta / [\Omega]P \vdash [\Omega]\Pi :: [\Omega]\vec{A} \Leftarrow [\Omega]C\ p$.

Proof. By induction, using the measure in Definition 7.

• Case Var:
    $(x : A\ p) \in \Gamma$
    ------------------------------------------------------------
    $\Gamma \vdash x \Rightarrow [\Gamma]A\ p \dashv \Gamma$

    $(x : A\ p) \in \Gamma$    Premise
    $(x : A\ p) \in \Delta$    $\Gamma = \Delta$
    $\Delta \longrightarrow \Omega$    Given
    $(x : [\Omega]A\ p) \in [\Omega]\Gamma$    By Lemma 9 (Uvar Preservation) (ii)
    $[\Omega]\Gamma \vdash [\Omega]x \Rightarrow [\Omega]A\ p$    By DeclVar
    $\Delta \longrightarrow \Omega$    Given
    $\Gamma \longrightarrow \Omega$    $\Gamma = \Delta$
    $[\Omega]A = [\Omega][\Gamma]A$    By Lemma 29 (Substitution Monotonicity) (iii)
  ☞ $[\Omega]\Gamma \vdash [\Omega]x \Rightarrow [\Omega][\Gamma]A\ p$    By above equality
• Case Sub:
    $\Gamma \vdash e \Rightarrow A\ q \dashv \Theta$    $\Theta \vdash A <:^{\pm} B \dashv \Delta$
    ------------------------------------------------------------
    $\Gamma \vdash e \Leftarrow B\ p \dashv \Delta$

    $\Gamma \vdash e \Rightarrow A\ q \dashv \Theta$    Subderivation
    $\Theta \vdash A <:^{\pm} B \dashv \Delta$    Subderivation
    $\Theta \longrightarrow \Delta$    By Lemma 51 (Typing Extension)
    $\Delta \longrightarrow \Omega$    Given
    $\Theta \longrightarrow \Omega$    By Lemma 33 (Extension Transitivity)
    $[\Omega]\Theta \vdash [\Omega]e \Rightarrow [\Omega]A\ q$    By i.h.
    $[\Omega]\Theta = [\Omega]\Delta$    By Lemma 56 (Confluence of Completeness)
    $[\Omega]\Delta \vdash [\Omega]e \Rightarrow [\Omega]A\ q$    By above equality
    $\Theta \vdash A <:^{\pm} B \dashv \Delta$    Subderivation
    $[\Omega]\Delta \vdash [\Omega]A \le^{\pm} [\Omega]B$    By Theorem 6 (Soundness of Algorithmic Subtyping)
  ☞ $[\Omega]\Delta \vdash [\Omega]e \Leftarrow [\Omega]B\ p$    By DeclSub

• Case Anno:
    $\Gamma \vdash A_0\ !\ \mathrm{type}$    $\Gamma \vdash e_0 \Leftarrow [\Gamma]A_0\ ! \dashv \Delta$
    ------------------------------------------------------------
    $\Gamma \vdash (e_0 : A_0) \Rightarrow [\Delta]A_0\ ! \dashv \Delta$

    $\Gamma \vdash e_0 \Leftarrow [\Gamma]A_0\ ! \dashv \Delta$    Subderivation
    $[\Omega]\Delta \vdash [\Omega]e_0 \Leftarrow [\Omega][\Gamma]A_0\ !$    By i.h.
    $\Gamma \vdash A_0\ !\ \mathrm{type}$    Subderivation
    $\Gamma \vdash A_0\ \mathrm{type}$    By inversion
    $\mathrm{FEV}(A_0) = \emptyset$    ″
    $\Gamma \longrightarrow \Delta$    By Lemma 51 (Typing Extension)
    $\Delta \longrightarrow \Omega$    Given
    $\Gamma \longrightarrow \Omega$    By Lemma 33 (Extension Transitivity)
    $\Omega \vdash A_0\ \mathrm{type}$    By Lemma 36 (Extension Weakening (Sorts))
    $[\Omega]\Omega \vdash [\Omega]A_0\ \mathrm{type}$    By Lemma 16 (Substitution for Type Well-Formedness)
    $[\Omega]\Omega = [\Omega]\Delta$    By Lemma 54 (Completing Stability)
    $[\Omega]\Delta \vdash [\Omega]A_0\ \mathrm{type}$    By above equality
    $[\Omega][\Gamma]A_0 = [\Omega]A_0$    By Lemma 29 (Substitution Monotonicity) (iii)
    $[\Omega]\Delta \vdash [\Omega]e_0 \Leftarrow [\Omega]A_0\ !$    By above equality
    $[\Omega]\Delta \vdash ([\Omega]e_0 : [\Omega]A_0) \Rightarrow [\Omega]A_0\ !$    By DeclAnno
    $[\Omega]A_0 = A_0$    From definition of substitution
  ☞ $[\Omega]\Delta \vdash [\Omega](e_0 : A_0) \Rightarrow [\Omega]A_0\ !$    By above equality

• Case 1I:
    $\Gamma \vdash () \Leftarrow 1\ p \dashv \Gamma$

    $[\Omega]\Delta \vdash () \Leftarrow 1\ p$    By Decl1I
  ☞ $[\Omega]\Delta \vdash [\Omega]() \Leftarrow [\Omega]1\ p$    By definition of substitution

• Case 1Iα̂:
    $\Gamma_0[\hat\alpha : \star] \vdash () \Leftarrow \hat\alpha\ \not! \dashv \Gamma_0[\hat\alpha : \star = 1]$

    $\Gamma_0[\hat\alpha : \star = 1] \longrightarrow \Omega$    Given
    $[\Omega]\hat\alpha = [\Omega][\Delta]\hat\alpha$    By Lemma 29 (Substitution Monotonicity) (i)
    $\qquad = [\Omega]1$    By definition of context application
    $\qquad = 1$    By definition of context application
    $[\Omega]\Delta \vdash () \Leftarrow 1\ \not!$    By Decl1I
  ☞ $[\Omega]\Delta \vdash [\Omega]() \Leftarrow [\Omega]\hat\alpha\ \not!$    By above equality
• Case ∀I:
    $\Gamma, \alpha : \kappa \vdash v \Leftarrow A_0\ p \dashv \Delta, \alpha : \kappa, \Theta$
    ------------------------------------------------------------
    $\Gamma \vdash v \Leftarrow \forall\alpha : \kappa.\, A_0\ p \dashv \Delta$

    $\Delta \longrightarrow \Omega$    Given
    $\Delta, \alpha \longrightarrow \Omega, \alpha$    By →Uvar
    $\Gamma, \alpha \longrightarrow \Delta, \alpha, \Theta$    By Lemma 51 (Typing Extension)
    $\Theta$ soft    By Lemma 22 (Extension Inversion) (i) (with $\Gamma_R = \cdot$, which is soft)
    $\underbrace{\Delta, \alpha, \Theta}_{\Delta'} \longrightarrow \underbrace{\Omega, \alpha, |\Theta|}_{\Omega'}$    By Lemma 25 (Filling Completes)

    $\Gamma, \alpha \vdash v \Leftarrow A_0\ p \dashv \Delta'$    Subderivation
    $[\Omega']\Delta' \vdash [\Omega]v \Leftarrow [\Omega']A_0\ p$    By i.h.
    $[\Omega']A_0 = [\Omega]A_0$    By Lemma 17 (Substitution Stability)
    $[\Omega']\Delta' \vdash [\Omega]v \Leftarrow [\Omega]A_0\ p$    By above equality

    $\underbrace{\Delta, \alpha, \Theta}_{\Delta'} \longrightarrow \underbrace{\Omega, \alpha, |\Theta|}_{\Omega'}$    Above
    $\Theta$ is soft    Above
    $[\Omega']\Delta' = ([\Omega]\Delta, \alpha)$    By Lemma 53 (Softness Goes Away)
    $[\Omega]\Delta, \alpha \vdash [\Omega]v \Leftarrow [\Omega]A_0\ p$    By above equality
    $[\Omega]\Delta \vdash [\Omega]v \Leftarrow \forall\alpha.\, [\Omega]A_0\ p$    By Decl∀I
  ☞ $[\Omega]\Delta \vdash [\Omega]v \Leftarrow [\Omega](\forall\alpha.\, A_0)\ p$    By definition of substitution

• Case ∀Spine:
    $\Gamma, \hat\alpha : \kappa \vdash e\, s_0 : [\hat\alpha/\alpha]A_0\ \not! \gg C\ q \dashv \Delta$
    ------------------------------------------------------------
    $\Gamma \vdash e\, s_0 : \forall\alpha : \kappa.\, A_0\ p \gg C\ q \dashv \Delta$

    $\Gamma, \hat\alpha : \kappa \vdash e\, s_0 : [\hat\alpha/\alpha]A_0\ \not! \gg C\ q \dashv \Delta$    Subderivation
    $[\Omega]\Delta \vdash [\Omega](e\, s_0) : [\Omega][\hat\alpha/\alpha]A_0\ \not! \gg [\Omega]C\ q$    By i.h.
    $[\Omega]\Delta \vdash [\Omega](e\, s_0) : [[\Omega]\hat\alpha/\alpha][\Omega]A_0\ \not! \gg [\Omega]C\ q$    By a property of substitution

    $\Gamma, \hat\alpha : \kappa \vdash \hat\alpha : \kappa$    By VarSort
    $\Gamma, \hat\alpha : \kappa \longrightarrow \Delta$    By Lemma 51 (Typing Extension)
    $\Delta \vdash \hat\alpha : \kappa$    By Lemma 36 (Extension Weakening (Sorts))
    $\Delta \longrightarrow \Omega$    Given
    $[\Omega]\Delta \vdash [\Omega]\hat\alpha : \kappa$    By Lemma 58 (Bundled Substitution for Sorting)
    $[\Omega]\Delta \vdash [\Omega](e\, s_0) : \forall\alpha : \kappa.\, [\Omega]A_0\ p \gg [\Omega]C\ q$    By Decl∀Spine
  ☞ $[\Omega]\Delta \vdash [\Omega](e\, s_0) : [\Omega](\forall\alpha : \kappa.\, A_0)\ p \gg [\Omega]C\ q$    By def. of subst.
• Case ∧I:
    $\Gamma \vdash P\ \mathrm{true} \dashv \Theta$    $\Theta \vdash e \Leftarrow [\Theta]A_0\ p \dashv \Delta$
    ------------------------------------------------------------
    $\Gamma \vdash e \Leftarrow A_0 \wedge P\ p \dashv \Delta$

    $\Gamma \vdash P\ \mathrm{true} \dashv \Theta$    Subderivation
    $\Delta \longrightarrow \Omega$    Given
    $\Theta \longrightarrow \Delta$    By Lemma 51 (Typing Extension)
    $\Theta \longrightarrow \Omega$    By Lemma 33 (Extension Transitivity)
    $[\Omega]\Theta \vdash [\Omega]P\ \mathrm{true}$    By Lemma 87 (Soundness of Checkprop)
    $[\Omega]\Delta \vdash [\Omega]P\ \mathrm{true}$    By Lemma 56 (Confluence of Completeness)

    $\Theta \vdash e \Leftarrow [\Theta]A_0\ p \dashv \Delta$    Subderivation
    $[\Omega]\Delta \vdash [\Omega]e \Leftarrow ([\Omega][\Theta]A_0)\ p$    By i.h.
    $[\Omega]\Delta \vdash [\Omega]e \Leftarrow ([\Omega][\Theta]A_0) \wedge [\Omega]P\ p$    By Decl∧I
    $[\Omega][\Theta]A_0 = [\Omega]A_0$    By Lemma 29 (Substitution Monotonicity) (iii)
    $[\Omega]\Delta \vdash [\Omega]e \Leftarrow ([\Omega]A_0) \wedge [\Omega]P\ p$    By above equality
  ☞ $[\Omega]\Delta \vdash [\Omega]e \Leftarrow [\Omega](A_0 \wedge P)\ p$    By def. of substitution

• Case NilI:
    $\Gamma \vdash t = \mathrm{zero}\ \mathrm{true} \dashv \Delta$
    ------------------------------------------------------------
    $\Gamma \vdash [] \Leftarrow (\mathrm{Vec}\ t\ A)\ p \dashv \Delta$

    $\Gamma \vdash t = \mathrm{zero}\ \mathrm{true} \dashv \Delta$    Subderivation
    $\Delta \longrightarrow \Omega$    Given
    $[\Omega]\Delta \vdash [\Omega](t = \mathrm{zero})\ \mathrm{true}$    By Lemma 87 (Soundness of Checkprop)
    $[\Omega]\Delta \vdash [\Omega]t = \mathrm{zero}\ \mathrm{true}$    By def. of substitution
  ☞ $[\Omega]\Delta \vdash [\Omega][] \Leftarrow (\mathrm{Vec}\ [\Omega]t\ [\Omega]A)\ p$    By DeclNilI

• Case ConsI:
    $\Gamma, \blacktriangleright_{\hat\alpha}, \hat\alpha : \mathbb{N} \vdash t = \mathrm{succ}(\hat\alpha)\ \mathrm{true} \dashv \Gamma'$
    $\Gamma' \vdash e_1 \Leftarrow [\Gamma']A_0\ p \dashv \Theta$    $\Theta \vdash e_2 \Leftarrow [\Theta](\mathrm{Vec}\ \hat\alpha\ A_0)\ \not! \dashv \Delta, \blacktriangleright_{\hat\alpha}, \Delta'$
    ------------------------------------------------------------
    $\Gamma \vdash e_1 :: e_2 \Leftarrow (\mathrm{Vec}\ t\ A_0)\ p \dashv \Delta$

    $\Gamma, \blacktriangleright_{\hat\alpha}, \hat\alpha : \mathbb{N} \vdash t = \mathrm{succ}(\hat\alpha)\ \mathrm{true} \dashv \Gamma'$    Subderivation
    $\Delta \longrightarrow \Omega$    Given
    $\Gamma' \longrightarrow \Theta$    By Lemma 51 (Typing Extension)
    $\Theta \longrightarrow \Delta, \blacktriangleright_{\hat\alpha}, \Delta'$    By Lemma 51 (Typing Extension)
    $\Delta, \blacktriangleright_{\hat\alpha}, \Delta' \longrightarrow \Omega'$    By Lemma 25 (Filling Completes)
    $\Gamma' \longrightarrow \Omega'$    By Lemma 33 (Extension Transitivity)
    $[\Omega']\Gamma' \vdash [\Omega'](t = \mathrm{succ}(\hat\alpha))\ \mathrm{true}$    By Lemma 87 (Soundness of Checkprop)
    $[\Omega'](\Delta, \blacktriangleright_{\hat\alpha}, \Delta') \vdash [\Omega'](t = \mathrm{succ}(\hat\alpha))\ \mathrm{true}$    By Lemma 56 (Confluence of Completeness)
    $[\Omega'](\Delta, \blacktriangleright_{\hat\alpha}, \Delta') \vdash [\Omega](t = \mathrm{succ}(\hat\alpha))\ \mathrm{true}$    By Lemma 17 (Substitution Stability)
    $[\Omega]\Delta \vdash [\Omega](t = \mathrm{succ}(\hat\alpha))\ \mathrm{true}$    By Lemma 52 (Context Partitioning) + thinning
    $[\Omega]\Delta \vdash ([\Omega]t) = \mathrm{succ}([\Omega]\hat\alpha)\ \mathrm{true}$    By def. of substitution

    $\Gamma' \vdash e_1 \Leftarrow [\Gamma']A_0\ p \dashv \Theta$    Subderivation
    $[\Omega']\Theta \vdash [\Omega']e_1 \Leftarrow ([\Omega'][\Gamma']A_0)\ p$    By i.h.
    $[\Omega'][\Gamma']A_0 = [\Omega']A_0$    By Lemma 29 (Substitution Monotonicity) (iii)
    $[\Omega']\Theta \vdash [\Omega']e_1 \Leftarrow [\Omega']A_0\ p$    By above equality
    $[\Omega]\Delta \vdash [\Omega]e_1 \Leftarrow [\Omega]A_0\ p$    Similar to above

    $\Theta \vdash e_2 \Leftarrow [\Theta](\mathrm{Vec}\ \hat\alpha\ A_0)\ \not! \dashv \Delta, \blacktriangleright_{\hat\alpha}, \Delta'$    Subderivation
    $[\Omega'](\Delta, \blacktriangleright_{\hat\alpha}, \Delta') \vdash [\Omega']e_2 \Leftarrow [\Omega'][\Theta](\mathrm{Vec}\ \hat\alpha\ A_0)\ \not!$    By i.h.
    $[\Omega]\Delta \vdash [\Omega]e_2 \Leftarrow [\Omega](\mathrm{Vec}\ \hat\alpha\ A_0)\ \not!$    Similar to above
    $[\Omega]\Delta \vdash [\Omega]e_2 \Leftarrow (\mathrm{Vec}\ ([\Omega]\hat\alpha)\ [\Omega]A_0)\ p$    By def. of substitution

    $[\Omega]\Delta \vdash ([\Omega]e_1) :: [\Omega]e_2 \Leftarrow \mathrm{Vec}\ ([\Omega]t)\ [\Omega]A_0\ p$    By DeclConsI (premises: 1, 2, 3)
  ☞ $[\Omega]\Delta \vdash [\Omega](e_1 :: e_2) \Leftarrow [\Omega](\mathrm{Vec}\ t\ A_0)\ p$    By def. of substitution
• Case ⊃I:
    $\Gamma, \blacktriangleright_P / P \dashv \Theta^+$    $\Theta^+ \vdash v \Leftarrow [\Theta^+]A_0\ ! \dashv \Delta, \blacktriangleright_P, \Delta'$
    ------------------------------------------------------------
    $\Gamma \vdash v \Leftarrow P \supset A_0\ ! \dashv \Delta$

    $\Gamma \vdash A\ !\ \mathrm{type}$    Given, where $A = (P \supset A_0)$
    $\mathrm{FEV}([\Gamma]A) = \emptyset$    By inversion on rule PrincipalWF
    $\mathrm{FEV}([\Gamma]P) = \emptyset$    ″

    $\Gamma, \blacktriangleright_P / P \dashv \Theta^+$    Subderivation
    $\Gamma, \blacktriangleright_P / \sigma = \tau : \kappa \dashv \Theta^+$    By inversion, with $P = (\sigma = \tau)$
    $\mathrm{FEV}([\Gamma]\sigma) \cup \mathrm{FEV}([\Gamma]\tau) = \emptyset$    By $\mathrm{FEV}([\Gamma]P) = \emptyset$ above

    $\Theta^+ = (\Gamma, \blacktriangleright_P, \Theta)$    By Lemma 88 (Soundness of Equality Elimination)
    $[\Omega', \Theta]t' = [\theta][\Omega']t'$    ″ (for all $\Omega'$ extending $(\Gamma, \blacktriangleright_P)$ and $t'$ s.t. $\Omega' \vdash t' : \kappa'$)
    $\theta = \mathrm{mgu}(\sigma, \tau)$    ″

    $\Delta \longrightarrow \Omega$    Given
    $\Theta^+ \longrightarrow \Delta, \blacktriangleright_P, \Delta'$    By Lemma 51 (Typing Extension)
    $\Gamma, \blacktriangleright_P, \Theta \longrightarrow \Delta, \blacktriangleright_P, \Delta'$    By above equalities

  Let $\Omega^+ = (\Omega, \blacktriangleright_P, \Delta')$.

    $\Delta, \blacktriangleright_P, \Delta' \longrightarrow \Omega, \blacktriangleright_P, \Delta'$    By repeated →Eqn
    $\Theta^+ \longrightarrow \Omega^+$    By Lemma 33 (Extension Transitivity)

    $[\Omega', \Theta]B = [\theta][\Omega']B$    By Lemma 93 (Substitution Upgrade) (i) (for all $\Omega'$ extending $(\Gamma, \blacktriangleright_P)$ and $B$ s.t. $\Omega' \vdash B : \kappa'$)
    $\Theta^+ \vdash v \Leftarrow [\Theta^+]A_0\ ! \dashv \Delta, \blacktriangleright_P, \Delta'$    Subderivation
    $[\Omega^+](\Delta, \blacktriangleright_P, \Delta') \vdash [\Omega]v \Leftarrow [\Omega^+][\Theta^+]A_0\ !$    By i.h.

    $\Gamma, \blacktriangleright_P, \Theta \longrightarrow \Omega, \blacktriangleright_P, \Delta'$    By Lemma 33 (Extension Transitivity)
    $\Gamma \longrightarrow \Omega$    By Lemma 22 (Extension Inversion)
    $[\Omega^+][\Theta^+]A_0 = [\Omega^+]A_0$    By Lemma 29 (Substitution Monotonicity)
    $\qquad = [\theta][\Omega, \blacktriangleright_P]A_0$    Above, with $(\Omega, \blacktriangleright_P)$ as $\Omega'$ and $A_0$ as $B$
    $\qquad = [\theta][\Omega]A_0$    By def. of substitution
    $[\Omega, \blacktriangleright_P, \Theta](\Delta, \blacktriangleright_P, \Delta') = [\theta][\Omega]\Delta$    By Lemma 93 (Substitution Upgrade) (iii)
    $[\theta][\Omega]\Delta \vdash [\theta][\Omega]v \Leftarrow [\theta][\Omega]A_0\ !$    By above equalities

    $[\Omega^+](\Delta, \blacktriangleright_P, \Delta') / (\sigma = \tau) \vdash [\Omega]v \Leftarrow [\Omega]A_0\ !$    By DeclCheckUnify
    $[\Omega^+](\Delta, \blacktriangleright_P, \Delta') = [\Omega]\Delta$    From def. of context application
    $[\Omega]\Delta / (\sigma = \tau) \vdash [\Omega]v \Leftarrow [\Omega]A_0\ !$    By above equality
    $[\Omega]\Delta \vdash [\Omega]v \Leftarrow (\sigma = \tau) \supset [\Omega]A_0\ !$    By Decl⊃I
  ☞ $[\Omega]\Delta \vdash [\Omega]v \Leftarrow ([\Omega]\sigma = [\Omega]\tau) \supset [\Omega]A_0\ !$    By FEV condition above

• Case ⊃I⊥:
    $\Gamma, \blacktriangleright_P / P \dashv \bot$
    ------------------------------------------------------------
    $\Gamma \vdash v \Leftarrow P \supset A_0\ ! \dashv \Gamma$

    $\Gamma, \blacktriangleright_P / P \dashv \bot$    Subderivation
    $\Gamma, \blacktriangleright_P / \sigma = \tau : \kappa \dashv \bot$    By inversion, with $P = (\sigma = \tau)$
    $\mathrm{FEV}([\Gamma]\sigma) \cup \mathrm{FEV}([\Gamma]\tau) = \emptyset$    As in the ⊃I case (above)
    $\mathrm{mgu}(\sigma, \tau) = \bot$    By Lemma 88 (Soundness of Equality Elimination)
    $[\Omega]\Delta / (\sigma = \tau) \vdash [\Omega]v \Leftarrow [\Omega]A_0\ !$    By DeclCheck⊥
    $[\Omega]\Delta \vdash [\Omega]v \Leftarrow (\sigma = \tau) \supset [\Omega]A_0\ !$    By Decl⊃I
    $[\Omega]\Delta \vdash [\Omega]v \Leftarrow ([\Omega](\sigma = \tau)) \supset [\Omega]A_0\ !$    By above FEV condition
  ☞ $[\Omega]\Delta \vdash [\Omega]v \Leftarrow [\Omega](P \supset A_0)\ !$    By def. of subst.

  Let $\Omega' = \Omega$.
    $\Omega \longrightarrow \Omega'$    By Lemma 32 (Extension Reflexivity)
    $\Delta \longrightarrow \Omega'$    Given


• Case ⊃Spine:
    $\Gamma \vdash P\ \mathrm{true} \dashv \Theta$    $\Theta \vdash e\, s_0 : [\Theta]A_0\ p \gg C\ q \dashv \Delta$
    ------------------------------------------------------------
    $\Gamma \vdash e\, s_0 : P \supset A_0\ p \gg C\ q \dashv \Delta$

    $\Theta \vdash e\, s_0 : [\Theta]A_0\ p \gg C\ q \dashv \Delta$    Subderivation
    $\Theta \longrightarrow \Delta$    By Lemma 51 (Typing Extension)
    $\Delta \longrightarrow \Omega$    Given
    $\Theta \longrightarrow \Omega$    By Lemma 33 (Extension Transitivity)
    $[\Omega]\Delta \vdash [\Omega](e\, s_0) : [\Omega][\Theta]A_0\ p \gg [\Omega]C\ q$    By i.h.
    $[\Omega][\Theta]A_0 = [\Omega]A_0$    By Lemma 29 (Substitution Monotonicity) (iii)
    $[\Omega]\Delta \vdash [\Omega](e\, s_0) : [\Omega]A_0\ p \gg [\Omega]C\ q$    By above equality

    $\Gamma \vdash P\ \mathrm{true} \dashv \Theta$    Subderivation
    $[\Omega]\Theta \vdash [\Omega]P\ \mathrm{true}$    By Lemma 87 (Soundness of Checkprop)
    $[\Omega]\Theta = [\Omega]\Delta$    By Lemma 56 (Confluence of Completeness)
    $[\Omega]\Delta \vdash [\Omega]P\ \mathrm{true}$    By above equality

    $[\Omega]\Delta \vdash [\Omega](e\, s_0) : ([\Omega]P) \supset [\Omega]A_0\ p \gg [\Omega]C\ q$    By Decl⊃Spine
  ☞ $[\Omega]\Delta \vdash [\Omega](e\, s_0) : [\Omega](P \supset A_0)\ p \gg [\Omega]C\ q$    By def. of subst.


• Case →I:
    $\Gamma, x : A_1\ p \vdash e_0 \Leftarrow A_2\ p \dashv \Delta, x : A_1\ p, \Theta$
    ------------------------------------------------------------
    $\Gamma \vdash \lambda x.\, e_0 \Leftarrow A_1 \to A_2\ p \dashv \Delta$

    $\Delta \longrightarrow \Omega$    Given
    $\Delta, x : A_1\ p \longrightarrow \Omega, x : [\Omega]A_1\ p$    By →Var
    $\Gamma, x : A_1\ p \longrightarrow \Delta, x : A_1\ p, \Theta$    By Lemma 51 (Typing Extension)
    $\Theta$ soft    By Lemma 22 (Extension Inversion) (v) (with $\Gamma_R = \cdot$, which is soft)
    $\underbrace{\Delta, x : A_1\ p, \Theta}_{\Delta'} \longrightarrow \underbrace{\Omega, x : [\Omega]A_1\ p, |\Theta|}_{\Omega'}$    By Lemma 25 (Filling Completes)

    $\Gamma, x : A_1\ p \vdash e_0 \Leftarrow A_2\ p \dashv \Delta'$    Subderivation
    $[\Omega']\Delta' \vdash [\Omega]e_0 \Leftarrow [\Omega']A_2\ p$    By i.h.
    $[\Omega']A_2 = [\Omega]A_2$    By Lemma 17 (Substitution Stability)
    $[\Omega']\Delta' \vdash [\Omega]e_0 \Leftarrow [\Omega]A_2\ p$    By above equality

    $\underbrace{\Delta, x : A_1\ p, \Theta}_{\Delta'} \longrightarrow \underbrace{\Omega, x : [\Omega]A_1\ p, |\Theta|}_{\Omega'}$    Above
    $\Theta$ soft    Above
    $[\Omega']\Delta' = ([\Omega]\Delta, x : [\Omega]A_1\ p)$    By Lemma 53 (Softness Goes Away)
    $[\Omega]\Delta, x : [\Omega]A_1\ p \vdash [\Omega]e_0 \Leftarrow [\Omega]A_2\ p$    By above equality
    $[\Omega]\Delta \vdash \lambda x.\, [\Omega]e_0 \Leftarrow ([\Omega]A_1) \to ([\Omega]A_2)\ p$    By Decl→I
  ☞ $[\Omega]\Delta \vdash [\Omega](\lambda x.\, e_0) \Leftarrow [\Omega](A_1 \to A_2)\ p$    By definition of substitution

• Case Rec:
    $\Gamma, x : A\ p \vdash v \Leftarrow A\ p \dashv \Delta, x : A\ p, \Theta$
    ------------------------------------------------------------
    $\Gamma \vdash \mathrm{rec}\ x.\, v \Leftarrow A\ p \dashv \Delta$

  Similar to the →I case, applying DeclRec instead of Decl→I.

• Case →Iα̂:
    $\Gamma[\hat\alpha_1 : \star, \hat\alpha_2 : \star, \hat\alpha : \star = \hat\alpha_1 \to \hat\alpha_2], x : \hat\alpha_1\ \not! \vdash e_0 \Leftarrow \hat\alpha_2\ \not! \dashv \Delta, x : \hat\alpha_1\ \not!, \Theta$
    ------------------------------------------------------------
    $\Gamma[\hat\alpha : \star] \vdash \lambda x.\, e_0 \Leftarrow \hat\alpha\ \not! \dashv \Delta$

    $\Gamma[\hat\alpha_1 : \star, \hat\alpha_2 : \star, \hat\alpha : \star = \hat\alpha_1 \to \hat\alpha_2], x : \hat\alpha_1\ \not! \longrightarrow \Delta, x : \hat\alpha_1\ \not!, \Theta$    By Lemma 51 (Typing Extension)
    $\Theta$ soft    By Lemma 22 (Extension Inversion) (v) (with $\Gamma_R = \cdot$, which is soft)
    $\Delta \longrightarrow \Omega$    Given
    $\Delta, x : \hat\alpha_1\ \not! \longrightarrow \Omega, x : [\Omega]\hat\alpha_1\ \not!$    By →Var
    $\underbrace{\Delta, x : \hat\alpha_1\ \not!, \Theta}_{\Delta'} \longrightarrow \underbrace{\Omega, x : [\Omega]\hat\alpha_1\ \not!, |\Theta|}_{\Omega'}$    By Lemma 25 (Filling Completes)

    $\Gamma[\hat\alpha_1 : \star, \hat\alpha_2 : \star, \hat\alpha : \star = \hat\alpha_1 \to \hat\alpha_2], x : \hat\alpha_1\ \not! \vdash e_0 \Leftarrow \hat\alpha_2\ \not! \dashv \Delta, x : \hat\alpha_1\ \not!, \Theta$    Subderivation
    $[\Omega']\Delta' \vdash [\Omega']e_0 \Leftarrow [\Omega']\hat\alpha_2\ \not!$    By i.h.
    $[\Omega']\hat\alpha_2 = [\Omega, x : [\Omega]\hat\alpha_1\ \not!]\hat\alpha_2$    By Lemma 17 (Substitution Stability)
    $\qquad = [\Omega]\hat\alpha_2$    By definition of substitution
    $[\Omega']\Delta' = [\Omega, x : [\Omega]\hat\alpha_1\ \not!](\Delta, x : \hat\alpha_1\ \not!)$    By Lemma 53 (Softness Goes Away)
    $\qquad = [\Omega]\Delta, x : [\Omega]\hat\alpha_1\ \not!$    By definition of context substitution
    $[\Omega]\Delta, x : [\Omega]\hat\alpha_1\ \not! \vdash [\Omega]e_0 \Leftarrow [\Omega]\hat\alpha_2\ \not!$    By above equalities
    $[\Omega]\Delta \vdash \lambda x.\, [\Omega]e_0 \Leftarrow ([\Omega]\hat\alpha_1) \to [\Omega]\hat\alpha_2\ \not!$    By Decl→I

    $\Gamma[\hat\alpha_1 : \star, \hat\alpha_2 : \star, \hat\alpha : \star = \hat\alpha_1 \to \hat\alpha_2] \longrightarrow \Omega$    Above and Lemma 33 (Extension Transitivity)
    $[\Omega]\hat\alpha = [\Omega][\Gamma]\hat\alpha$    By Lemma 29 (Substitution Monotonicity) (i)
    $\qquad = [\Omega](([\Gamma]\hat\alpha_1) \to [\Gamma]\hat\alpha_2)$    By definition of substitution
    $\qquad = ([\Omega][\Gamma]\hat\alpha_1) \to ([\Omega][\Gamma]\hat\alpha_2)$    By definition of substitution
    $\qquad = ([\Omega]\hat\alpha_1) \to ([\Omega]\hat\alpha_2)$    By Lemma 29 (Substitution Monotonicity) (i)
  ☞ $[\Omega]\Delta \vdash [\Omega](\lambda x.\, e_0) \Leftarrow [\Omega]\hat\alpha\ \not!$    By above equality


• Case →E:
    $\Gamma \vdash e_0 \Rightarrow A\ q \dashv \Theta$    $\Theta \vdash s_0 : A\ q \gg C\ \lceil p \rceil \dashv \Delta$
    ------------------------------------------------------------
    $\Gamma \vdash e_0\, s_0 \Rightarrow C\ p \dashv \Delta$

    $\Gamma \vdash e_0 \Rightarrow A\ q \dashv \Theta$    Subderivation
    $\Theta \vdash s_0 : A\ q \gg C\ \lceil p \rceil \dashv \Delta$    Subderivation
    $\Gamma \longrightarrow \Theta$ and $\Theta \longrightarrow \Delta$    By Lemma 51 (Typing Extension)
    $\Delta \longrightarrow \Omega$    Given
    $\Theta \longrightarrow \Omega$    By Lemma 33 (Extension Transitivity)
    $\Gamma \longrightarrow \Omega$    By Lemma 33 (Extension Transitivity)
    $[\Omega]\Gamma = [\Omega]\Theta = [\Omega]\Delta$    By Lemma 56 (Confluence of Completeness)
    $[\Omega]\Gamma \vdash [\Omega]e_0 \Rightarrow [\Omega]A\ q$    By i.h.
    $[\Omega]\Delta \vdash [\Omega]e_0 \Rightarrow [\Omega]A\ q$    By above equality
    $[\Omega]\Theta \vdash [\Omega]s_0 : [\Omega]A\ q \gg [\Omega]C\ \lceil p \rceil$    By i.h.
  ☞ $[\Omega]\Delta \vdash [\Omega](e_0\, s_0) \Rightarrow [\Omega]C\ p$    By rule Decl→E

• Case SpineRecover:
    $\Gamma \vdash s : A\ ! \gg C\ \not! \dashv \Delta$    $\mathrm{FEV}(C) = \emptyset$
    ------------------------------------------------------------
    $\Gamma \vdash s : A\ ! \gg C\ \lceil ! \rceil \dashv \Delta$

    $\Gamma \vdash s : A\ ! \gg C\ \not! \dashv \Delta$    Subderivation
    $[\Omega]\Gamma \vdash [\Omega]s : [\Omega]A\ ! \gg [\Omega]C\ \not!$    By i.h.

  We show the quantified premise of DeclSpineRecover, namely,

    for all $C'$, if $[\Omega]\Gamma \vdash s : [\Omega]A\ ! \gg C'\ \not!$ then $C' = [\Omega]C$.

  Suppose we have $C'$ such that $[\Omega]\Gamma \vdash s : [\Omega]A\ ! \gg C'\ \not!$. To apply DeclSpineRecover we need to show $C' = [\Omega]C$.

    $[\Omega]\Gamma \vdash [\Omega]s : [\Omega]A\ ! \gg C'\ \not!$    Assumption
    $\Omega_{\mathrm{canon}} \longrightarrow \Omega$    By Lemma 59 (Canonical Completion)
    $\mathrm{dom}(\Omega_{\mathrm{canon}}) = \mathrm{dom}(\Gamma)$    ″
    $\Gamma \longrightarrow \Omega_{\mathrm{canon}}$    ″
    $[\Omega]\Gamma = [\Omega_{\mathrm{canon}}]\Gamma$    By Lemma 57 (Multiple Confluence)
    $[\Omega]A = [\Omega_{\mathrm{canon}}]A$    By Lemma 55 (Completing Completeness) (ii)
    $[\Omega_{\mathrm{canon}}]\Gamma \vdash [\Omega]s : [\Omega_{\mathrm{canon}}]A\ ! \gg C'\ \not!$    By above equalities
    $\Gamma \vdash s : [\Gamma]A\ ! \gg C''\ q \dashv \Delta''$    By Theorem 11 (Completeness of Algorithmic Typing)
    $\Omega_{\mathrm{canon}} \longrightarrow \Omega''$    ″
    $\Delta'' \longrightarrow \Omega''$    ″
    $C' = [\Omega'']C''$    ″
    $C'' = C$ and $q = \not!$ and $\Delta'' = \Delta$    By Theorem 5 (Determinacy of Typing)
    $C' = [\Omega'']C''$    Above
    $\qquad = [\Omega'']C$    By above equality
    $\qquad = [\Omega_{\mathrm{canon}}]C$    By Lemma 55 (Completing Completeness) (ii)
    $\qquad = [\Omega]C$    By Lemma 55 (Completing Completeness) (ii)

  We have thus shown the above "for all $C'$ ..." statement.

  ☞ $[\Omega]\Gamma \vdash [\Omega]s : [\Omega]A\ ! \gg [\Omega]C\ \lceil ! \rceil$    By DeclSpineRecover

• Case SpinePass:
    $\Gamma \vdash s : A\ p \gg C\ q \dashv \Delta$    $((p = \not!)\ \text{or}\ (q = !)\ \text{or}\ (\mathrm{FEV}(C) \neq \emptyset))$
    ------------------------------------------------------------
    $\Gamma \vdash s : A\ p \gg C\ \lceil q \rceil \dashv \Delta$

    $\Gamma \vdash s : A\ p \gg C\ q \dashv \Delta$    Subderivation
    $[\Omega]\Gamma \vdash [\Omega]s : [\Omega]A\ p \gg [\Omega]C\ q$    By i.h.
  ☞ $[\Omega]\Gamma \vdash [\Omega]s : [\Omega]A\ p \gg [\Omega]C\ \lceil q \rceil$    By DeclSpinePass

• Case EmptySpine:
    $\Gamma \vdash \cdot : A\ p \gg A\ p \dashv \Gamma$

  ☞ $[\Omega]\Gamma \vdash \cdot : [\Omega]A\ p \gg [\Omega]A\ p$    By DeclEmptySpine
• Case →Spine:
    $\Gamma \vdash e_0 \Leftarrow A_1\ p \dashv \Theta$    $\Theta \vdash s_0 : [\Theta]A_2\ p \gg C\ q \dashv \Delta$
    ------------------------------------------------------------
    $\Gamma \vdash e_0\, s_0 : A_1 \to A_2\ p \gg C\ q \dashv \Delta$

    $\Delta \longrightarrow \Omega$    Given
    $\Theta \longrightarrow \Delta$    By Lemma 51 (Typing Extension)
    $\Theta \longrightarrow \Omega$    By Lemma 33 (Extension Transitivity)

    $\Gamma \vdash e_0 \Leftarrow A_1\ p \dashv \Theta$    Subderivation
    $[\Omega]\Theta \vdash [\Omega]e_0 \Leftarrow [\Omega]A_1\ p$    By i.h.
    $[\Omega]\Theta = [\Omega]\Delta$    By Lemma 56 (Confluence of Completeness)
    $[\Omega]\Delta \vdash [\Omega]e_0 \Leftarrow [\Omega]A_1\ p$    By above equality

    $\Theta \vdash s_0 : [\Theta]A_2\ p \gg C\ q \dashv \Delta$    Subderivation
    $[\Omega]\Delta \vdash [\Omega]s_0 : [\Omega][\Theta]A_2\ p \gg [\Omega]C\ q$    By i.h.
    $[\Omega][\Theta]A_2 = [\Omega]A_2$    By Lemma 29 (Substitution Monotonicity)
    $[\Omega]\Delta \vdash [\Omega]s_0 : [\Omega]A_2\ p \gg [\Omega]C\ q$    By above equality

    $[\Omega]\Delta \vdash [\Omega](e_0\, s_0) : ([\Omega]A_1) \to [\Omega]A_2\ p \gg [\Omega]C\ q$    By Decl→Spine
  ☞ $[\Omega]\Delta \vdash [\Omega](e_0\, s_0) : [\Omega](A_1 \to A_2)\ p \gg [\Omega]C\ q$    By def. of subst.
• Case +I$_k$:
    $\Gamma \vdash e_0 \Leftarrow A_k\ p \dashv \Delta$
    ------------------------------------------------------------
    $\Gamma \vdash \mathrm{inj}_k\, e_0 \Leftarrow A_1 + A_2\ p \dashv \Delta$

    $\Gamma \vdash e_0 \Leftarrow A_k\ p \dashv \Delta$    Subderivation
    $[\Omega]\Delta \vdash [\Omega]e_0 \Leftarrow [\Omega]A_k\ p$    By i.h.
    $[\Omega]\Delta \vdash \mathrm{inj}_k\, [\Omega]e_0 \Leftarrow ([\Omega]A_1) + ([\Omega]A_2)\ p$    By Decl+I$_k$
  ☞ $[\Omega]\Delta \vdash [\Omega](\mathrm{inj}_k\, e_0) \Leftarrow [\Omega](A_1 + A_2)\ p$    By def. of substitution

• Case +Iα̂$_k$:
    $\Gamma[\hat\alpha_1 : \star, \hat\alpha_2 : \star, \hat\alpha : \star = \hat\alpha_1 + \hat\alpha_2] \vdash e_0 \Leftarrow \hat\alpha_k\ \not! \dashv \Delta$
    ------------------------------------------------------------
    $\Gamma[\hat\alpha : \star] \vdash \mathrm{inj}_k\, e_0 \Leftarrow \hat\alpha\ \not! \dashv \Delta$

    $\Gamma[\hat\alpha_1 : \star, \hat\alpha_2 : \star, \hat\alpha : \star = \hat\alpha_1 + \hat\alpha_2] \vdash e_0 \Leftarrow \hat\alpha_k\ \not! \dashv \Delta$    Subderivation
    $[\Omega]\Delta \vdash [\Omega]e_0 \Leftarrow [\Omega]\hat\alpha_k\ \not!$    By i.h.
    $[\Omega]\Delta \vdash \mathrm{inj}_k\, [\Omega]e_0 \Leftarrow ([\Omega]\hat\alpha_1) + ([\Omega]\hat\alpha_2)\ \not!$    By Decl+I$_k$
    $([\Omega]\hat\alpha_1) + ([\Omega]\hat\alpha_2) = [\Omega]\hat\alpha$    Similar to the →Iα̂ case (above)
  ☞ $[\Omega]\Delta \vdash [\Omega](\mathrm{inj}_k\, e_0) \Leftarrow [\Omega]\hat\alpha\ \not!$    By above equality / def. of subst.

• Case ×I:
    $\Gamma \vdash e_1 \Leftarrow A_1\ p \dashv \Theta$    $\Theta \vdash e_2 \Leftarrow [\Theta]A_2\ p \dashv \Delta$
    ------------------------------------------------------------
    $\Gamma \vdash \langle e_1, e_2 \rangle \Leftarrow A_1 \times A_2\ p \dashv \Delta$

    $\Theta \vdash e_2 \Leftarrow [\Theta]A_2\ p \dashv \Delta$    Subderivation
    $\Theta \longrightarrow \Delta$    By Lemma 51 (Typing Extension)
    $\Theta \longrightarrow \Omega$    By Lemma 33 (Extension Transitivity)

    $\Gamma \vdash e_1 \Leftarrow A_1\ p \dashv \Theta$    Subderivation
    $[\Omega]\Theta \vdash [\Omega]e_1 \Leftarrow [\Omega]A_1\ p$    By i.h.
    $[\Omega]\Delta \vdash [\Omega]e_1 \Leftarrow [\Omega]A_1\ p$    By Lemma 56 (Confluence of Completeness)

    $\Theta \vdash e_2 \Leftarrow [\Theta]A_2\ p \dashv \Delta$    Subderivation
    $[\Omega]\Delta \vdash [\Omega]e_2 \Leftarrow [\Omega][\Theta]A_2\ p$    By i.h.
    $\Gamma \vdash A_1 \times A_2\ \mathrm{type}$    Given
    $\Gamma \vdash A_2\ \mathrm{type}$    By inversion
    $\Gamma \longrightarrow \Theta$    By Lemma 51 (Typing Extension)
    $\Theta \vdash A_2\ \mathrm{type}$    By Lemma 38 (Extension Weakening (Types))
    $[\Omega]\Delta \vdash [\Omega]e_2 \Leftarrow [\Omega]A_2\ p$    By Lemma 29 (Substitution Monotonicity)

    $[\Omega]\Delta \vdash \langle [\Omega]e_1, [\Omega]e_2 \rangle \Leftarrow ([\Omega]A_1) \times [\Omega]A_2\ p$    By Decl×I
  ☞ $[\Omega]\Delta \vdash [\Omega]\langle e_1, e_2 \rangle \Leftarrow [\Omega](A_1 \times A_2)\ p$    By def. of substitution

• Case ×Iα̂:
    $\Gamma[\hat\alpha_1 : \star, \hat\alpha_2 : \star, \hat\alpha : \star = \hat\alpha_1 \times \hat\alpha_2] \vdash e_1 \Leftarrow \hat\alpha_1\ \not! \dashv \Theta$    $\Theta \vdash e_2 \Leftarrow [\Theta]\hat\alpha_2\ \not! \dashv \Delta$
    ------------------------------------------------------------
    $\Gamma[\hat\alpha : \star] \vdash \langle e_1, e_2 \rangle \Leftarrow \hat\alpha\ \not! \dashv \Delta$

    $\Delta \longrightarrow \Omega$    Given
    $\Theta \longrightarrow \Delta$    By Lemma 51 (Typing Extension)
    $\Theta \longrightarrow \Omega$    By Lemma 33 (Extension Transitivity)

    $\Gamma[\hat\alpha_1 : \star, \hat\alpha_2 : \star, \hat\alpha : \star = \hat\alpha_1 \times \hat\alpha_2] \vdash e_1 \Leftarrow \hat\alpha_1\ \not! \dashv \Theta$    Subderivation
    $[\Omega]\Theta \vdash [\Omega]e_1 \Leftarrow [\Omega]\hat\alpha_1\ \not!$    By i.h.
    $[\Omega]\Theta = [\Omega]\Delta$    By Lemma 56 (Confluence of Completeness)
    $[\Omega]\Delta \vdash [\Omega]e_1 \Leftarrow [\Omega]\hat\alpha_1\ \not!$    By above equality

    $\Theta \vdash e_2 \Leftarrow [\Theta]\hat\alpha_2\ \not! \dashv \Delta$    Subderivation
    $[\Omega]\Delta \vdash [\Omega]e_2 \Leftarrow [\Omega][\Theta]\hat\alpha_2\ \not!$    By i.h.
    $[\Omega][\Theta]\hat\alpha_2 = [\Omega]\hat\alpha_2$    By Lemma 29 (Substitution Monotonicity)
    $[\Omega]\Delta \vdash [\Omega]e_2 \Leftarrow [\Omega]\hat\alpha_2\ \not!$    By above equality
    $[\Omega]\Delta \vdash \langle [\Omega]e_1, [\Omega]e_2 \rangle \Leftarrow ([\Omega]\hat\alpha_1) \times [\Omega]\hat\alpha_2\ \not!$    By Decl×I
    $([\Omega]\hat\alpha_1) \times [\Omega]\hat\alpha_2 = [\Omega]\hat\alpha$    Similar to the →Iα̂ case (above)
  ☞ $[\Omega]\Delta \vdash [\Omega]\langle e_1, e_2 \rangle \Leftarrow [\Omega]\hat\alpha\ \not!$    By above equality
• Case α̂Spine:
    $\Gamma[\hat\alpha_2 : \star, \hat\alpha_1 : \star, \hat\alpha : \star = \hat\alpha_1 \to \hat\alpha_2] \vdash e_0\, s_0 : (\hat\alpha_1 \to \hat\alpha_2)\ \not! \gg C\ \not! \dashv \Delta$
    ------------------------------------------------------------
    $\Gamma[\hat\alpha : \star] \vdash e_0\, s_0 : \hat\alpha\ \not! \gg C\ \not! \dashv \Delta$

    $\Gamma[\hat\alpha_2 : \star, \hat\alpha_1 : \star, \hat\alpha : \star = \hat\alpha_1 \to \hat\alpha_2] \vdash e_0\, s_0 : (\hat\alpha_1 \to \hat\alpha_2)\ \not! \gg C\ \not! \dashv \Delta$    Subderivation
    $[\Omega]\Delta \vdash [\Omega](e_0\, s_0) : [\Omega](\hat\alpha_1 \to \hat\alpha_2)\ \not! \gg [\Omega]C\ \not!$    By i.h.
    $[\Omega](\hat\alpha_1 \to \hat\alpha_2) = [\Omega]\hat\alpha$    Similar to the →Iα̂ case
  ☞ $[\Omega]\Delta \vdash [\Omega](e_0\, s_0) : [\Omega]\hat\alpha\ \not! \gg [\Omega]C\ \not!$    By above equality

• Case Case:
    $\Gamma \vdash e_0 \Rightarrow B\ ! \dashv \Theta$    $\Theta \vdash \Pi :: [\Theta]B \Leftarrow [\Theta]C\ p \dashv \Delta$    $\Delta \vdash \Pi\ \mathrm{covers}\ [\Delta]B$
    ------------------------------------------------------------
    $\Gamma \vdash \mathrm{case}(e_0, \Pi) \Leftarrow C\ p \dashv \Delta$

    $\Gamma \vdash e_0 \Rightarrow B\ ! \dashv \Theta$    Subderivation
    $\Theta \longrightarrow \Delta$    By Lemma 51 (Typing Extension)
    $\Theta \longrightarrow \Omega$    By Lemma 33 (Extension Transitivity)
    $[\Omega]\Theta \vdash [\Omega]e_0 \Rightarrow [\Omega]B\ !$    By i.h.
    $[\Omega]\Delta \vdash [\Omega]e_0 \Rightarrow [\Omega]B\ !$    By Lemma 56 (Confluence of Completeness)

    $\Theta \vdash \Pi :: [\Theta]B \Leftarrow [\Theta]C\ p \dashv \Delta$    Subderivation
    $\Gamma \vdash e_0 \Rightarrow B\ ! \dashv \Theta$    Subderivation
    $\Theta \vdash B\ !\ \mathrm{type}$    By Lemma 63 (Well-Formed Outputs of Typing) (Synthesis)
    $\Gamma \vdash C\ p\ \mathrm{type}$    Given
    $\Gamma \longrightarrow \Theta$    By Lemma 51 (Typing Extension)
    $\Theta \vdash C\ p\ \mathrm{type}$    By Lemma 41 (Extension Weakening for Principal Typing)
    $\Theta \vdash [\Theta]C\ p\ \mathrm{type}$    By Lemma 40 (Right-Hand Subst. for Principal Typing)
    $[\Omega]\Delta \vdash [\Omega]\Pi :: [\Omega]B \Leftarrow [\Omega][\Theta]C\ p$    By i.h. (v)
    $[\Omega][\Theta]C = [\Omega]C$    By Lemma 29 (Substitution Monotonicity)
    $[\Omega]\Delta \vdash [\Omega]\Pi :: [\Omega]B \Leftarrow [\Omega]C\ p$    By above equalities

    $\Delta \vdash \Pi\ \mathrm{covers}\ [\Delta]B$    Subderivation
    $[\Delta][\Delta]B = [\Delta]B$    By idempotence of substitution
    $\Theta \vdash B\ !\ \mathrm{type}$    By Lemma 63 (Well-Formed Outputs of Typing)
    $\Delta \vdash B\ !\ \mathrm{type}$    By Lemma 41 (Extension Weakening for Principal Typing)
    $\Delta \vdash [\Delta]B\ !\ \mathrm{type}$    By Lemma 40 (Right-Hand Subst. for Principal Typing)
    $[\Omega]\Delta \vdash [\Omega]\Pi\ \mathrm{covers}\ [\Delta]B$    By Theorem 7 (Soundness of Match Coverage)
    $[\Delta]B = [\Omega]B$    By Lemma 39 (Principal Agreement) (i)
    $[\Omega]\Delta \vdash [\Omega]\Pi\ \mathrm{covers}\ [\Omega]B$    By above equality

  ☞ $[\Omega]\Delta \vdash [\Omega]\mathrm{case}(e_0, \Pi) \Leftarrow [\Omega]C\ p$    By DeclCase

Part (v):

• Case MatchEmpty: Apply rule DeclMatchEmpty.

• Case MatchBase:
    $\Gamma \vdash e \Leftarrow C\ p \dashv \Delta$
    ------------------------------------------------------------
    $\Gamma \vdash (\cdot \Rightarrow e) :: \cdot \Leftarrow C\ p \dashv \Delta$

  Apply the i.h. and DeclMatchBase.

• Case MatchUnit: Apply the i.h. and DeclMatchUnit.

• Case MatchSeq:
    $\Gamma \vdash \pi :: \vec{A} \Leftarrow C\ p \dashv \Theta$    $\Theta \vdash \Pi' :: \vec{A} \Leftarrow C\ p \dashv \Delta$
    ------------------------------------------------------------
    $\Gamma \vdash \pi \mid\mid \Pi' :: \vec{A} \Leftarrow C\ p \dashv \Delta$

  Apply the i.h. to each premise, using lemmas for well-formedness under $\Theta$; then apply DeclMatchSeq.

• Cases Match∃, Match∧, MatchWild, MatchNil, MatchCons:
  Apply the i.h. and the corresponding declarative match rule.

• Cases Match×, Match+$_k$:
  We have $\Gamma \vdash \vec{A}\ !\ \mathrm{types}$, so the first type in $\vec{A}$ has no free existential variables.
  Apply the i.h. and the corresponding declarative match rule.

• Case MatchNeg:
    $A$ not headed by $\wedge$ or $\exists$    $\Gamma, z : A\ ! \vdash \rho \Rightarrow e :: \vec{A} \Leftarrow C\ p \dashv \Delta, z : A\ !, \Delta'$
    ------------------------------------------------------------
    $\Gamma \vdash z, \rho \Rightarrow e :: A, \vec{A} \Leftarrow C\ p \dashv \Delta$

  Construct $\Omega'$ and show $\Delta, z : A\ !, \Delta' \longrightarrow \Omega'$ as in the →I case.
  Use the i.h., then apply rule DeclMatchNeg.

Part (vi):

• Case Match⊥:
    $\Gamma / \sigma = \tau : \kappa \dashv \bot$
    ------------------------------------------------------------
    $\Gamma / \sigma = \tau \vdash \rho \Rightarrow e :: \vec{A} \Leftarrow C\ p \dashv \Gamma$

    $\Gamma / \sigma = \tau : \kappa \dashv \bot$    Subderivation
    $[\Gamma](\sigma = \tau) = (\sigma = \tau)$    Given
    $(\sigma = \tau) = [\Gamma](\sigma = \tau)$    Given
    $\qquad = [\Omega](\sigma = \tau)$    By Lemma 29 (Substitution Monotonicity) (i)
    $\mathrm{mgu}(\sigma, \tau) = \bot$    By Lemma 88 (Soundness of Equality Elimination)
    $\mathrm{mgu}([\Omega]\sigma, [\Omega]\tau) = \bot$    By above equality
  ☞ $[\Omega]\Gamma / [\Omega](\sigma = \tau) \vdash [\Omega](\rho \Rightarrow e) :: [\Omega]\vec{A} \Leftarrow [\Omega]C\ p$    By DeclMatch⊥

• Case MatchUnify:
    $\Gamma, \blacktriangleright_P / \sigma = \tau : \kappa \dashv \Gamma'$    $\Gamma' \vdash \rho \Rightarrow e :: \vec{A} \Leftarrow C\ p \dashv \Delta, \blacktriangleright_P, \Delta'$
    ------------------------------------------------------------
    $\Gamma / \sigma = \tau \vdash \rho \Rightarrow e :: \vec{A} \Leftarrow C\ p \dashv \Delta$

    $\Gamma, \blacktriangleright_P / \sigma = \tau : \kappa \dashv \Gamma'$    Subderivation
    $(\sigma = \tau) = [\Gamma](\sigma = \tau)$    Given
    $\qquad = [\Omega](\sigma = \tau)$    By Lemma 29 (Substitution Monotonicity) (i)
    $\Gamma' = (\Gamma, \blacktriangleright_P, \Theta)$    By Lemma 88 (Soundness of Equality Elimination)
    $\Theta = ((\alpha_1 = t_1), \ldots, (\alpha_n = t_n))$    ″
    $\theta = \mathrm{mgu}([\Omega]\sigma, [\Omega]\tau)$    ″
    $[\Omega, \blacktriangleright_P, \Theta]t' = [\theta][\Omega, \blacktriangleright_P]t'$    ″ for all $\Omega, \blacktriangleright_P \vdash t' : \kappa'$

    $\Gamma' \vdash \rho \Rightarrow e :: \vec{A} \Leftarrow C\ p \dashv \Delta, \blacktriangleright_P, \Delta'$    Subderivation
    $[\Omega, \blacktriangleright_P, \Theta](\Delta, \blacktriangleright_P, \Delta') \vdash [\Omega, \blacktriangleright_P, \Theta](\rho \Rightarrow e) :: [\Omega, \blacktriangleright_P, \Theta]\vec{A} \Leftarrow [\Omega, \blacktriangleright_P, \Theta]C\ p$    By i.h.

    $[\Omega, \blacktriangleright_P, \Theta](\Delta, \blacktriangleright_P, \Delta') = [\theta]([\Omega, \blacktriangleright_P]\Delta)$    By Lemma 93 (Substitution Upgrade) (iii)
    $[\Omega, \blacktriangleright_P, \Theta]\vec{A} = [\theta][\Omega, \blacktriangleright_P]\vec{A}$    By Lemma 93 (Substitution Upgrade) (i)
    $[\Omega, \blacktriangleright_P, \Theta]C = [\theta][\Omega, \blacktriangleright_P]C$    By Lemma 93 (Substitution Upgrade) (i)
    $[\Omega, \blacktriangleright_P, \Theta](\rho \Rightarrow e) = [\theta][\Omega](\rho \Rightarrow e)$    By Lemma 93 (Substitution Upgrade) (iv)

    $[\theta]([\Omega, \blacktriangleright_P]\Delta) \vdash [\theta][\Omega](\rho \Rightarrow e) :: [\theta]([\Omega, \blacktriangleright_P]\vec{A}) \Leftarrow [\theta]([\Omega, \blacktriangleright_P]C)\ p$    By above equalities
    $[\theta]([\Omega]\Delta) \vdash [\theta][\Omega](\rho \Rightarrow e) :: [\theta]([\Omega]\vec{A}) \Leftarrow [\theta]([\Omega]C)\ p$    Subst. not affected by $\blacktriangleright_P$
  ☞ $[\Omega]\Delta / [\Omega](\sigma = \tau) \vdash [\Omega](\rho \Rightarrow e) :: [\Omega]\vec{A} \Leftarrow [\Omega]C\ p$    By DeclMatchUnify

□


L′ Completeness

L′.1 Completeness of Auxiliary Judgments

Lemma 90 (Completeness of Instantiation).
Given Γ → Ω and dom(Γ) = dom(Ω) and Γ ⊢ τ : κ and τ = [Γ]τ and α̂ ∈ unsolved(Γ) and α̂ ∉ FV(τ):
If [Ω]α̂ = [Ω]τ
then there are Δ, Ω' such that Ω → Ω' and Δ → Ω' and dom(Δ) = dom(Ω') and Γ ⊢ α̂ := τ : κ ⊣ Δ.

Proof. By induction on τ.

We have [Ω]α̂ = [Ω]τ. We now case-analyze the shape of τ.

• Case τ = β̂:

   α̂ ∉ FV(β̂)                                   Given
   α̂ ≠ β̂                                       From definition of FV(−)
   β̂ ∈ unsolved(Γ)                             From [Γ]β̂ = β̂

   Let Ω' = Ω.
☞ Ω → Ω'                                       By Lemma 32 (Extension Reflexivity)

   Now consider whether α̂ is declared to the left of β̂ or vice versa.

   – Case Γ = Γ0[α̂ : κ][β̂ : κ]:

      Let Δ = Γ0[α̂ : κ][β̂ : κ = α̂].
   ☞ Γ ⊢ α̂ := β̂ : κ ⊣ Δ                        By InstReach
      [Ω]α̂ = [Ω]β̂                              Given
      Γ → Ω                                    Given
   ☞ Δ → Ω                                     By Lemma 27 (Parallel Extension Solution)
   ☞ dom(Δ) = dom(Ω')                          dom(Δ) = dom(Γ) and dom(Ω') = dom(Ω)

   – Case Γ = Γ0[β̂ : κ][α̂ : κ]:

      Similar, but using InstSolve instead of InstReach.

• Case τ = α:

   We have [Ω]α̂ = α, so (since Ω is well-formed) α is declared to the left of α̂ in Ω.
   We have Γ → Ω.
   By the Reverse Declaration Order Preservation lemma, we know that α is declared to the left of α̂ in Γ; that is, Γ = ΓL[α : κ][α̂ : κ].
   Let Δ = ΓL[α : κ][α̂ : κ = α] and Ω' = Ω.
   By InstSolve, ΓL[α : κ][α̂ : κ] ⊢ α̂ := α : κ ⊣ Δ.
   By Lemma 27 (Parallel Extension Solution), ΓL[α : κ][α̂ : κ = α] → Ω.
   We have dom(Δ) = dom(Γ) and dom(Ω') = dom(Ω); therefore, dom(Δ) = dom(Ω').

• Case τ = 1:

   Similar to the τ = α case, but without having to reason about where α is declared.

• Case τ = zero:

   Similar to the τ = 1 case.

• Case τ = τ1 ⊕ τ2:

   [Ω]α̂ = [Ω](τ1 ⊕ τ2)                                     Given
        = ([Ω]τ1) ⊕ ([Ω]τ2)                                 By definition of substitution
   τ1 ⊕ τ2 = [Γ](τ1 ⊕ τ2)                                   Given
   τ1 = [Γ]τ1                                               By definition of substitution and congruence
   τ2 = [Γ]τ2                                               Similarly
   α̂ ∉ FV(τ1 ⊕ τ2)                                          Given
   α̂ ∉ FV(τ1)                                               From definition of FV(−)
   α̂ ∉ FV(τ2)                                               Similarly
   Γ = Γ0[α̂ : ★]                                            By α̂ ∈ unsolved(Γ)
   Γ → Ω                                                    Given
   Γ0[α̂ : ★] → Γ0[α̂2 : ★, α̂1 : ★, α̂ : ★]                      By Lemma 23 (Deep Evar Introduction) (i) twice
   ..., α̂2, α̂1 ⊢ α̂1 ⊕ α̂2 : ★                                 Straightforward
   Γ0[α̂2, α̂1, α̂] → Γ0[α̂2, α̂1, α̂ = α̂1 ⊕ α̂2]                   By Lemma 23 (Deep Evar Introduction) (ii)
   Γ0[α̂] → Γ0[α̂2, α̂1, α̂ = α̂1 ⊕ α̂2]                           By Lemma 33 (Extension Transitivity)

   (In the last few lines above, and the rest of this case, we omit the ": ★" annotations in contexts.)

   Since α̂ ∈ unsolved(Γ) and Γ → Ω, we know that Ω has the form Ω0[α̂ = τ0].

   To show that we can extend this context, we apply Lemma 23 (Deep Evar Introduction) (iii) twice to introduce α̂2 = τ2 and α̂1 = τ1, and then Lemma 28 (Parallel Variable Update) to overwrite τ0:

      Ω0[α̂ = τ0] → Ω0[α̂2 = τ2, α̂1 = τ1, α̂ = α̂1 ⊕ α̂2]
                    └─────────────── Ω1 ───────────────┘

   We have Γ → Ω, that is, Γ0[α̂] → Ω0[α̂ = τ0].

   By Lemma 26 (Parallel Admissibility) (ii) twice, inserting α̂1 and α̂2 into both contexts in the above extension preserves extension:

      Γ0[α̂2, α̂1, α̂] → Ω0[α̂2 = τ2, α̂1 = τ1, α̂ = τ0]                     By Lemma 26 (Parallel Admissibility) (ii) twice
      Γ0[α̂2, α̂1, α̂ = α̂1 ⊕ α̂2] → Ω0[α̂2 = τ2, α̂1 = τ1, α̂ = α̂1 ⊕ α̂2]     By Lemma 28 (Parallel Variable Update)
      └───────── Γ1 ─────────┘   └─────────────── Ω1 ───────────────┘

   Since α̂ ∉ FV(τ), it follows that [Γ1]τ = [Γ]τ = τ.
   Therefore α̂1 ∉ FV(τ1) and α̂1, α̂2 ∉ FV(τ2).
   By Lemma 55 (Completing Completeness) (i) and (iii), [Ω1]Γ1 = [Ω]Γ and [Ω1]α̂1 = τ1.
   By i.h., there are Δ2 and Ω2 such that Γ1 ⊢ α̂1 := τ1 : κ ⊣ Δ2 and Δ2 → Ω2 and Ω1 → Ω2.
   Next, note that [Δ2][Δ2]τ2 = [Δ2]τ2.
   By Lemma 64 (Left Unsolvedness Preservation), we know that α̂2 ∈ unsolved(Δ2).
   By Lemma 65 (Left Free Variable Preservation), we know that α̂2 ∉ FV([Δ2]τ2).
   By Lemma 33 (Extension Transitivity), Ω → Ω2.
   We know [Ω2]Δ2 = [Ω]Γ because:

      [Ω2]Δ2 = [Ω2]Ω2                By Lemma 54 (Completing Stability)
             = [Ω]Ω                  By Lemma 55 (Completing Completeness) (iii)
             = [Ω]Γ                  By Lemma 54 (Completing Stability)

   By Lemma 55 (Completing Completeness) (i), we know that [Ω2]α̂2 = [Ω1]α̂2 = τ2.
   By Lemma 55 (Completing Completeness) (i), we know that [Ω2]τ2 = [Ω]τ2.
   Hence we know that [Ω2]α̂2 = [Ω2]τ2.
   By i.h., we have Δ and Ω' such that Δ2 ⊢ α̂2 := [Δ2]τ2 : κ ⊣ Δ and Ω2 → Ω' and Δ → Ω'.
   By rule InstBin, Γ ⊢ α̂ := τ : κ ⊣ Δ.
   By Lemma 33 (Extension Transitivity), Ω → Ω'.

• Case τ = succ(τ0):

   Similar to the τ = τ1 ⊕ τ2 case, but simpler.

□
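The proof of Lemma 90 follows the shape of the instantiation rules it is completing: InstSolve when every variable of τ is declared to the left of α̂, InstReach when τ is an existential declared to the right of α̂ (so the *other* variable is solved, β̂ := α̂), and InstBin, which splits α̂ into fresh α̂1, α̂2 inserted to its left and then instantiates the two halves in turn, applying the intermediate context to τ2 first. The following Python model of that ordered-context discipline is an added example, not code from the paper; the tuple encoding of terms and contexts, the rule names used in comments, and the `demo` input (Γ = n : ℕ, α̂ : ★, β̂ : ★ with the instantiation α̂ := β̂ → n) are assumptions made here.

```python
import itertools

_fresh = itertools.count(1)


def fresh(base):
    """A new existential-variable name derived from `base` (assumed naming)."""
    return f"{base}{next(_fresh)}"


def free_vars(t):
    """Names of all variables, existential or universal, occurring in t."""
    if t[0] in ("evar", "uvar"):
        return {t[1]}
    return set().union(*(free_vars(s) for s in t[1:] if isinstance(s, tuple)))


def position(ctx, name):
    """Index of the entry declaring `name`, or None if undeclared."""
    for i, entry in enumerate(ctx):
        if entry[0] in ("evar", "uvar") and entry[1] == name:
            return i
    return None


def solution(ctx, name):
    """The solution of existential `name`, or None if unsolved/undeclared."""
    i = position(ctx, name)
    return ctx[i][2] if i is not None and ctx[i][0] == "evar" else None


def apply_ctx(ctx, t):
    """[Gamma]t: replace solved existentials by their solutions, recursively."""
    if t[0] == "evar":
        sol = solution(ctx, t[1])
        return apply_ctx(ctx, sol) if sol is not None else t
    if t[0] == "succ":
        return ("succ", apply_ctx(ctx, t[1]))
    if t[0] == "bin":
        return ("bin", t[1], apply_ctx(ctx, t[2]), apply_ctx(ctx, t[3]))
    return t


def solve(ctx, name, term):
    """Gamma0[a^ : k] becomes Gamma0[a^ : k = term]; `name` must be unsolved."""
    i = position(ctx, name)
    if i is None or ctx[i][0] != "evar" or ctx[i][2] is not None:
        raise ValueError(f"{name} is not an unsolved existential")
    return ctx[:i] + [("evar", name, term)] + ctx[i + 1:]


def instantiate(ctx, a, tau):
    """Gamma |- a^ := tau -| Delta.  Raises ValueError when no rule applies.

    Context entries: ('uvar', n), ('evar', a, solution_or_None), ('marker', a).
    Terms: ('evar', a) | ('uvar', n) | ('unit',) | ('zero',) | ('succ', t)
           | ('bin', op, t1, t2) with op in {'->', '+', 'x'}."""
    tau = apply_ctx(ctx, tau)                 # Lemma 90 assumes tau = [Gamma]tau
    i = position(ctx, a)
    if solution(ctx, a) is not None or i is None or ctx[i][0] != "evar":
        raise ValueError(f"{a} is not an unsolved existential")
    if a in free_vars(tau):
        raise ValueError(f"occurs check: {a} occurs in {tau}")
    # InstSolve: every variable of tau is declared to the LEFT of a^.
    if all(position(ctx, v) is not None and position(ctx, v) < i
           for v in free_vars(tau)):
        return solve(ctx, a, tau)
    # InstReach: tau is an unsolved b^ declared to the RIGHT of a^; solving
    # b^ := a^ instead keeps every solution in scope (the tau = b^ case).
    if tau[0] == "evar" and position(ctx, tau[1]) is not None:
        return solve(ctx, tau[1], ("evar", a))
    # InstBin: introduce a2^, a1^ just left of a^, solve a^ := a1^ (+) a2^,
    # then instantiate a1^ := t1 and a2^ := [Delta]t2 (the tau = t1 (+) t2 case).
    if tau[0] == "bin":
        a1, a2 = fresh(a), fresh(a)
        ctx = ctx[:i] + [("evar", a2, None), ("evar", a1, None)] + ctx[i:]
        ctx = solve(ctx, a, ("bin", tau[1], ("evar", a1), ("evar", a2)))
        ctx = instantiate(ctx, a1, tau[2])
        return instantiate(ctx, a2, apply_ctx(ctx, tau[3]))
    # InstSucc: same shape with a single component (the tau = succ(t0) case).
    if tau[0] == "succ":
        a1 = fresh(a)
        ctx = ctx[:i] + [("evar", a1, None)] + ctx[i:]
        ctx = solve(ctx, a, ("succ", ("evar", a1)))
        return instantiate(ctx, a1, tau[1])
    raise ValueError(f"{tau} is not well-formed to the left of {a}")


def demo():
    """Gamma = (n : N, a^ : *, b^ : *), then  a^ := b^ -> n  (constructed input)."""
    gamma = [("uvar", "n"), ("evar", "a", None), ("evar", "b", None)]
    return instantiate(gamma, "a", ("bin", "->", ("evar", "b"), ("uvar", "n")))


def scope_error():
    """a^ := m with m declared to the RIGHT of a^: no rule applies."""
    try:
        instantiate([("evar", "a", None), ("uvar", "m")], "a", ("uvar", "m"))
    except ValueError:
        return True
    return False
```

Running `demo()` exercises InstBin, then InstReach for the left component (β̂ sits to the right of the fresh α̂1, so β̂ := α̂1 is recorded) and InstSolve for the right component (n is declared leftmost). The resulting context has the fresh variables to the left of α̂ and α̂ solved to α̂1 → α̂2, exactly the shape Γ0[α̂2, α̂1, α̂ = α̂1 ⊕ α̂2] the proof builds, while `scope_error()` shows the case the lemma's hypotheses rule out: a solution mentioning a universal variable declared to the right of α̂ has no derivation.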


Lemma 91 (Completeness of Checkeq).
Given Γ → Ω and dom(Γ) = dom(Ω)
and Γ ⊢ σ : κ and Γ ⊢ t : κ
and [Ω]σ = [Ω]t
then Γ ⊢ [Γ]σ ≐ [Γ]t : κ ⊣ Δ
where Δ → Ω' and dom(Δ) = dom(Ω') and Ω → Ω'.

Proof. By mutual induction on the sizes of [Γ]σ and [Γ]t.
We distinguish cases of [Γ]σ and [Γ]t.

• Case [Γ]σ = [Γ]t = 1:

☞ Γ ⊢ 1 ≐ 1 : ★ ⊣ Γ                           By CheckeqUnit
   Let Ω' = Ω.
☞ Γ → Ω                                       Given
☞ Δ → Ω'                                      Δ = Γ and Ω' = Ω
☞ dom(Δ) = dom(Ω')                            Given dom(Γ) = dom(Ω), since Δ = Γ and Ω' = Ω
☞ Ω → Ω'                                      By Lemma 32 (Extension Reflexivity)

• Case [Γ]σ = [Γ]t = zero:

   Similar to the case for 1, applying CheckeqZero instead of CheckeqUnit.

• Case [Γ]σ = [Γ]t = α:

   Similar to the case for 1, applying CheckeqVar instead of CheckeqUnit.

• Case [Γ]σ = α̂ and [Γ]t = β̂:

   – If α̂ = β̂: Similar to the case for 1, applying CheckeqVar instead of CheckeqUnit.

   – If α̂ ≠ β̂:

      Γ → Ω                                   Given
      α̂ ∉ FV(β̂)                               By definition of FV(−)
      [Ω]σ = [Ω]t                             Given
      [Ω][Γ]σ = [Ω][Γ]t                       By Lemma 29 (Substitution Monotonicity) (i) twice
      [Ω]α̂ = [Ω][Γ]t                          [Γ]σ = α̂
      dom(Γ) = dom(Ω)                         Given
      Γ ⊢ α̂ := [Γ]t : κ ⊣ Δ                   By Lemma 90 (Completeness of Instantiation)
   ☞ Ω → Ω'                                   ″
   ☞ Δ → Ω'                                   ″
   ☞ dom(Δ) = dom(Ω')                         ″
   ☞ Γ ⊢ α̂ ≐ [Γ]t : κ ⊣ Δ                     By CheckeqInstL

• Case [Γ]σ = α̂ and [Γ]t = 1 or zero or α:

   Similar to the previous case, except:

      α̂ ∉ FV(1)                               By definition of FV(−)

   and similarly for zero and α.

• Case [Γ]t = α̂ and [Γ]σ = 1 or zero or α: Symmetric to the previous case.

• Case [Γ]σ = α̂ and [Γ]t = succ([Γ]t0):

   If α̂ ∉ FV([Γ]t0), then α̂ ∉ FV([Γ]t). Proceed as in the previous several cases.
   The other case, α̂ ∈ FV([Γ]t0), is impossible:
   We have α̂ ≼ [Γ]t0.
   Therefore α̂ ≺ succ([Γ]t0), that is, α̂ ≺ [Γ]t.
   By a property of substitutions, [Ω]α̂ ≺ [Ω][Γ]t.
   Since Γ → Ω, by Lemma 29 (Substitution Monotonicity) (i), [Ω][Γ]t = [Ω]t, so [Ω]α̂ ≺ [Ω]t.
   But it is given that [Ω]α̂ = [Ω]t, a contradiction.

• Case [Γ]t = α̂ and [Γ]σ = succ([Γ]σ0): Symmetric to the previous case.

• Case [Γ]σ = [Γ]σ1 ⊕ [Γ]σ2 and [Γ]t = [Γ]t1 ⊕ [Γ]t2:

      Γ → Ω                                            Given
      Γ ⊢ [Γ]σ1 ≐ [Γ]t1 : ★ ⊣ Θ                        By i.h.
      Θ → Ω0                                           ″
      Ω → Ω0                                           ″
      dom(Θ) = dom(Ω0)                                 ″
      Θ ⊢ [Θ][Γ]σ2 ≐ [Θ][Γ]t2 : ★ ⊣ Δ                  By i.h.
   ☞ Δ → Ω'                                            ″
      Ω0 → Ω'                                          ″
   ☞ dom(Δ) = dom(Ω')                                  ″
   ☞ Ω → Ω'                                            By Lemma 33 (Extension Transitivity)
   ☞ Γ ⊢ ([Γ]σ1 ⊕ [Γ]σ2) ≐ ([Γ]t1 ⊕ [Γ]t2) : ★ ⊣ Δ     By CheckeqBin

• Case [Γ]σ = α̂ and [Γ]t = t1 ⊕ t2: Similar to the α̂/succ(−) case, showing the impossibility of α̂ ∈ FV([Γ]tk) for k = 1 and k = 2.

• Case [Γ]t = α̂ and [Γ]σ = σ1 ⊕ σ2: Symmetric to the previous case. □

Lemma 92 (Completeness of Elimeq).
If [Γ]σ = σ and [Γ]t = t and Γ ⊢ σ : κ and Γ ⊢ t : κ and FEV(σ) ∪ FEV(t) = ∅ then:

(1) If mgu(σ, t) = θ
    then Γ / σ ≐ t : κ ⊣ (Γ, Δ)
    where Δ has the form α1 = t1, ..., αn = tn
    and for all u such that Γ ⊢ u : κ', it is the case that [Γ, Δ]u = θ([Γ]u).

(2) If mgu(σ, t) = ⊥ (that is, no most general unifier exists) then Γ / σ ≐ t : κ ⊣ ⊥.

Proof. By induction on the structure of [Γ]σ and [Γ]t.

• Case σ = t = zero:

      mgu(zero, zero) = ·                            By properties of unification
      Γ / zero ≐ zero : ℕ ⊣ Γ                        By rule ElimeqZero
   ☞ Γ / zero ≐ zero : ℕ ⊣ Γ, Δ                      where Δ = ·
   ☞ Suppose Γ ⊢ u : κ'.
      [Γ, Δ]u = [Γ]u                                 where Δ = ·
              = θ([Γ]u)                              where θ is the identity

• Case σ = succ(σ') and t = succ(t'):

   – Case mgu(succ(σ'), succ(t')) = θ:

      mgu(σ', t') = mgu(succ(σ'), succ(t')) = θ      By properties of unification
      succ(σ') = [Γ]succ(σ')                         Given
               = succ([Γ]σ')                         By definition of substitution
      σ' = [Γ]σ'                                     By injectivity of successor
      succ(t') = [Γ]succ(t')                         Given
               = succ([Γ]t')                         By definition of substitution
      t' = [Γ]t'                                     By injectivity of successor
      Γ / σ' ≐ t' : ℕ ⊣ Γ, Δ                         By i.h.
   ☞ [Γ, Δ]u = θ([Γ]u) for all u such that ...       ″
   ☞ Γ / succ(σ') ≐ succ(t') : ℕ ⊣ Γ, Δ              By rule ElimeqSucc

   – Case mgu(succ(σ'), succ(t')) = ⊥:

      mgu(σ', t') = mgu(succ(σ'), succ(t')) = ⊥      By properties of unification
      succ(σ') = [Γ]succ(σ')                         Given
               = succ([Γ]σ')                         By definition of substitution
      σ' = [Γ]σ'                                     By injectivity of successor
      succ(t') = [Γ]succ(t')                         Given
               = succ([Γ]t')                         By definition of substitution
      t' = [Γ]t'                                     By injectivity of successor
      Γ / σ' ≐ t' : ℕ ⊣ ⊥                            By i.h.
   ☞ Γ / succ(σ') ≐ succ(t') : ℕ ⊣ ⊥                 By rule ElimeqSucc

• Case σ = σ1 ⊕ σ2 and t = t1 ⊕ t2:

   First we establish some properties of the subterms:

      σ1 ⊕ σ2 = [Γ](σ1 ⊕ σ2)                         Given
              = [Γ]σ1 ⊕ [Γ]σ2                        By definition of substitution
   ☞ [Γ]σ1 = σ1                                      By injectivity of ⊕
   ☞ [Γ]σ2 = σ2                                      By injectivity of ⊕
      t1 ⊕ t2 = [Γ](t1 ⊕ t2)                         Given
              = [Γ]t1 ⊕ [Γ]t2                        By definition of substitution
   ☞ [Γ]t1 = t1                                      By injectivity of ⊕
   ☞ [Γ]t2 = t2                                      By injectivity of ⊕

   – Subcase mgu(σ, t) = ⊥:

      * Subcase mgu(σ1, t1) = ⊥:

         Γ / σ1 ≐ t1 : κ ⊣ ⊥                         By i.h.
      ☞ Γ / σ1 ⊕ σ2 ≐ t1 ⊕ t2 : κ ⊣ ⊥                By rule ElimeqBinBot

      * Subcase mgu(σ1, t1) = θ1 and mgu(θ1(σ2), θ1(t2)) = ⊥:

         Γ / σ1 ≐ t1 : κ ⊣ Γ, Δ1                     By i.h.
         [Γ, Δ1]u = θ1([Γ]u) for all u such that ... ″
         [Γ, Δ1]σ2 = θ1([Γ]σ2)                       Above line with σ2 as u
                   = θ1(σ2)                          [Γ]σ2 = σ2
         [Γ, Δ1]t2 = θ1([Γ]t2)                       Above line with t2 as u
                   = θ1(t2)                          [Γ]t2 = t2
         mgu([Γ, Δ1]σ2, [Γ, Δ1]t2) = ⊥               By transitivity of equality
         [Γ, Δ1][Γ, Δ1]σ2 = [Γ, Δ1]σ2                By Lemma 29 (Substitution Monotonicity)
         [Γ, Δ1][Γ, Δ1]t2 = [Γ, Δ1]t2                By Lemma 29 (Substitution Monotonicity)
         Γ, Δ1 / [Γ, Δ1]σ2 ≐ [Γ, Δ1]t2 : κ ⊣ ⊥       By i.h.
      ☞ Γ / σ1 ⊕ σ2 ≐ t1 ⊕ t2 : κ ⊣ ⊥                By rule ElimeqBin

   – Subcase mgu(σ, t) = θ:

         mgu(σ1 ⊕ σ2, t1 ⊕ t2) = θ = θ2 ∘ θ1         By properties of unifiers
         mgu(σ1, t1) = θ1                            ″
         mgu(θ1(σ2), θ1(t2)) = θ2                    ″
         Γ / σ1 ≐ t1 : κ ⊣ Γ, Δ1                     By i.h.
      *  [Γ, Δ1]u = θ1([Γ]u) for all u such that ... ″
         [Γ, Δ1]σ2 = θ1([Γ]σ2)                       Above line with σ2 as u
                   = θ1(σ2)                          [Γ]σ2 = σ2
         [Γ, Δ1]t2 = θ1([Γ]t2)                       Above line with t2 as u
                   = θ1(t2)                          [Γ]t2 = t2
         mgu([Γ, Δ1]σ2, [Γ, Δ1]t2) = θ2              By transitivity of equality
         [Γ, Δ1][Γ, Δ1]σ2 = [Γ, Δ1]σ2                By Lemma 29 (Substitution Monotonicity)
         [Γ, Δ1][Γ, Δ1]t2 = [Γ, Δ1]t2                By Lemma 29 (Substitution Monotonicity)
         Γ, Δ1 / [Γ, Δ1]σ2 ≐ [Γ, Δ1]t2 : κ ⊣ Γ, Δ1, Δ2            By i.h.
      ** [Γ, Δ1, Δ2]u' = θ2([Γ, Δ1]u') for all u' such that ...   ″
      ☞ Γ / σ1 ⊕ σ2 ≐ t1 ⊕ t2 : κ ⊣ Γ, Δ1, Δ2        By rule ElimeqBin

         Suppose Γ ⊢ u : κ'.
         [Γ, Δ1, Δ2]u = θ2([Γ, Δ1]u)                 By **
                      = θ2(θ1([Γ]u))                 By *
                      = θ([Γ]u)                      θ = θ2 ∘ θ1

• Case σ = α:

   – Subcase α ∈ FV(t):

         mgu(α, t) = ⊥                               By properties of unification
      ☞ Γ / α ≐ t : κ ⊣ ⊥                            By rule ElimeqUvarL⊥

   – Subcase α ∉ FV(t):

         mgu(α, t) = [t/α]                           By properties of unification
         (α = t') ∉ Γ for any t'                     [Γ]α = α
      ☞ Γ / α ≐ t : κ ⊣ Γ, α = t                     By rule ElimeqUvarL
      ☞ Suppose Γ ⊢ u : κ'.
         [Γ, α = t]u = [Γ]([t/α]u)                   By definition of substitution
                     = [[Γ]t/α][Γ]u                  By properties of substitution
                     = [t/α][Γ]u                     [Γ]t = t

• Case t = α: Similar to previous case. □

Lemma 93 (Substitution Upgrade).
If Δ has the form α1 = t1, ..., αn = tn
and, for all u such that Γ ⊢ u : κ, it is the case that [Γ, Δ]u = θ([Γ]u),
then:

(i)   If Γ ⊢ A type then [Γ, Δ]A = θ([Γ]A).
(ii)  If Γ → Ω then [Ω, Δ]Γ = θ([Ω]Γ).
(iii) If Γ → Ω then [Ω, Δ](Γ, Δ) = θ([Ω]Γ).
(iv)  If Γ → Ω then [Ω, Δ]e = θ([Ω]e).

Proof. Part (i): By induction on the given derivation, using the given "for all" at the leaves.

Part (ii): By induction on the given derivation, using part (i) in the →Var case.

Part (iii): By induction on Δ. In the base case (Δ = ·), use part (ii). Otherwise, use the i.h. and the definition of context substitution.

Part (iv): By induction on e, using part (i) in the e = (e0 : A) case. □

Lemma 94 (Completeness of Propequiv).
Given Γ → Ω
and Γ ⊢ P prop and Γ ⊢ Q prop
and [Ω]P = [Ω]Q
then Γ ⊢ [Γ]P ≡ [Γ]Q ⊣ Δ
where Δ → Ω' and Ω → Ω'.

Proof. By induction on the given derivations. There is only one possible case:

• Case
       Γ ⊢ σ1 : ℕ    Γ ⊢ σ2 : ℕ                  Γ ⊢ t1 : ℕ    Γ ⊢ t2 : ℕ
       ------------------------- EqProp          ------------------------- EqProp
          Γ ⊢ σ1 = σ2 prop                          Γ ⊢ t1 = t2 prop

      [Ω](σ1 = σ2) = [Ω](t1 = t2)                     Given
      [Ω]σ1 = [Ω]t1                                   Definition of substitution
      [Ω]σ2 = [Ω]t2                                   ″
      Γ ⊢ σ1 : ℕ                                      Subderivation
      Γ ⊢ t1 : ℕ                                      Subderivation
      Γ ⊢ [Γ]σ1 ≐ [Γ]t1 : ℕ ⊣ Θ                       By Lemma 91 (Completeness of Checkeq)
      Θ → Ω0                                          ″
      Ω → Ω0                                          ″
      Γ ⊢ σ2 : ℕ                                      Subderivation
      Θ ⊢ σ2 : ℕ                                      By Lemma 36 (Extension Weakening (Sorts))
      Θ ⊢ t2 : ℕ                                      Similarly
      Θ ⊢ [Θ]σ2 ≐ [Θ]t2 : ℕ ⊣ Δ                       By Lemma 91 (Completeness of Checkeq)
      Δ → Ω'                                          ″
      Ω0 → Ω'                                         ″
      [Θ]σ2 = [Θ][Γ]σ2                                By Lemma 29 (Substitution Monotonicity) (i)
      [Θ]t2 = [Θ][Γ]t2                                ″
      Θ ⊢ [Θ][Γ]σ2 ≐ [Θ][Γ]t2 : ℕ ⊣ Δ                 By above equalities
      Ω → Ω'                                          By Lemma 33 (Extension Transitivity)
      Γ ⊢ ([Γ]σ1 = [Θ]σ2) ≡ ([Γ]t1 = [Θ]t2) ⊣ Δ       By ≡PropEq
   ☞ Γ ⊢ ([Γ]σ1 = [Γ]σ2) ≡ ([Γ]t1 = [Γ]t2) ⊣ Δ        By above equalities  □

Lemma 95 (Completeness of Checkprop).
If Γ → Ω and dom(Γ) = dom(Ω)
and Γ ⊢ P prop
and [Γ]P = P
and [Ω]Γ ⊢ [Ω]P true
then Γ ⊢ P true ⊣ Δ
where Δ → Ω' and Ω → Ω' and dom(Δ) = dom(Ω').

Proof. Only one rule, DeclCheckpropEq, can derive [Ω]Γ ⊢ [Ω]P true, so by inversion, P has the form (t1 = t2) where [Ω]t1 = [Ω]t2.

By inversion on Γ ⊢ (t1 = t2) prop, we have Γ ⊢ t1 : ℕ and Γ ⊢ t2 : ℕ.

Then by Lemma 91 (Completeness of Checkeq), Γ ⊢ [Γ]t1 ≐ [Γ]t2 : ℕ ⊣ Δ where Δ → Ω' and Ω → Ω'.
By CheckpropEq, Γ ⊢ (t1 = t2) true ⊣ Δ. □


L′.2 Completeness of Equivalence and Subtyping

Lemma 96 (Completeness of Equiv).
If Γ → Ω and Γ ⊢ A type and Γ ⊢ B type
and [Ω]A = [Ω]B
then there exist Δ and Ω' such that Δ → Ω' and Ω → Ω' and Γ ⊢ [Γ]A ≡ [Γ]B ⊣ Δ.

Proof. By induction on the derivations of Γ ⊢ A type and Γ ⊢ B type.

We distinguish cases of the rule concluding the first derivation. In the first four cases (ImpliesWF, WithWF, ForallWF, ExistsWF), it follows from [Ω]A = [Ω]B and the syntactic invariant that Ω substitutes terms t (rather than types A) that the second derivation is concluded by the same rule. Moreover, if none of these four rules concluded the first derivation, the rule concluding the second derivation must not be ImpliesWF, WithWF, ForallWF or ExistsWF either.

Because Ω is predicative, the head connective of [Γ]A must be the same as the head connective of [Ω]A.

We distinguish cases that are imposs. (impossible), fully written out, and similar to fully-written-out cases. For the lower-right case, where both [Γ]A and [Γ]B have a binary connective ⊕, it must be the same connective.

The Vec type is omitted from the table, but can be treated similarly to ⊃ and ∧.

   [Γ]A \ [Γ]B | Q ⊃ B0   | Q ∧ B0   | ∀β. B'   | ∃β. B'   | 1           | α           | β̂                              | B1 ⊕ B2
   ------------+----------+----------+----------+----------+-------------+-------------+--------------------------------+-----------
   P ⊃ A0      | Implies  | imposs.  | imposs.  | imposs.  | imposs.     | imposs.     | imposs.                        | imposs.
   P ∧ A0      | imposs.  | With     | imposs.  | imposs.  | imposs.     | imposs.     | imposs.                        | imposs.
   ∀α. A'      | imposs.  | imposs.  | Forall   | imposs.  | imposs.     | imposs.     | imposs.                        | imposs.
   ∃α. A'      | imposs.  | imposs.  | imposs.  | Exists   | imposs.     | imposs.     | imposs.                        | imposs.
   1           | imposs.  | imposs.  | imposs.  | imposs.  | 2.Units     | imposs.     | 2.BEx.Unit                     | imposs.
   α           | imposs.  | imposs.  | imposs.  | imposs.  | imposs.     | 2.Uvars     | 2.BEx.Uvar                     | imposs.
   α̂           | imposs.  | imposs.  | imposs.  | imposs.  | 2.AEx.Unit  | 2.AEx.Uvar  | 2.AEx.SameEx / 2.AEx.OtherEx   | 2.AEx.Bin
   A1 ⊕ A2     | imposs.  | imposs.  | imposs.  | imposs.  | imposs.     | imposs.     | 2.BEx.Bin                      | 2.Bins

• Case
       Γ ⊢ P prop    Γ ⊢ A0 type
       -------------------------- ImpliesWF
          Γ ⊢ P ⊃ A0 type

   This case of the rule concluding the first derivation coincides with the Implies entry in the table.
   We have [Ω]A = [Ω]B, that is, [Ω](P ⊃ A0) = [Ω]B.
   Because Ω is predicative, B must have the form Q ⊃ B0, where [Ω]P = [Ω]Q and [Ω]A0 = [Ω]B0.

      Γ ⊢ P prop                                      Subderivation
      Γ ⊢ A0 type                                     Subderivation
      Γ ⊢ Q ⊃ B0 type                                 Given
      Γ ⊢ Q prop                                      By inversion on rule ImpliesWF
      Γ ⊢ B0 type                                     ″
      Γ ⊢ [Γ]P ≡ [Γ]Q ⊣ Θ                             By Lemma 94 (Completeness of Propequiv)
      Θ → Ω0                                          ″
      Ω → Ω0                                          ″
      Γ → Θ                                           By Lemma 48 (Prop Equivalence Extension)
      Γ ⊢ A0 type                                     Above
      Γ ⊢ B0 type                                     Above
      [Ω]A0 = [Ω]B0                                   Above
      [Ω0]A0 = [Ω0]B0                                 By Lemma 55 (Completing Completeness) (ii) twice
      Γ ⊢ [Γ]A0 ≡ [Γ]B0 ⊣ Δ                           By i.h.
      Δ → Ω'                                          ″
      Ω0 → Ω'                                         ″
   ☞ Ω → Ω'                                           By Lemma 33 (Extension Transitivity)
      Γ ⊢ ([Γ]P ⊃ [Γ]A0) ≡ ([Γ]Q ⊃ [Γ]B0) ⊣ Δ          By ≡⊃
   ☞ Γ ⊢ [Γ](P ⊃ A0) ≡ [Γ](Q ⊃ B0) ⊣ Δ                 By definition of substitution

• Case WithWF:

   Similar to the ImpliesWF case, coinciding with the With entry in the table.

• Case
       Γ, α : κ ⊢ A0 type
       ----------------------- ForallWF
       Γ ⊢ ∀α : κ. A0 type

   This case coincides with the Forall entry in the table.

      Γ → Ω                                           Given
      Γ, α : κ → Ω, α : κ                             By →Uvar
      Γ, α : κ ⊢ A0 type                              Subderivation
      B = ∀α : κ. B0                                  Ω predicative
      [Ω]A0 = [Ω]B0                                   From definition of substitution
      Γ, α : κ ⊢ [Γ]A0 ≡ [Γ]B0 ⊣ Δ0                   By i.h.
      Δ0 → Ω0                                         ″
      Ω, α : κ → Ω0                                   ″
   ☞ Ω → Ω' and Ω0 = (Ω', α : κ, ...)                 By Lemma 22 (Extension Inversion) (i)
      Δ0 = (Δ, α : κ, Δ')                             By Lemma 22 (Extension Inversion) (i)
      Δ → Ω'                                          ″
      Γ ⊢ ∀α : κ. [Γ]A0 ≡ ∀α : κ. [Γ]B0 ⊣ Δ            By ≡∀
   ☞ Γ ⊢ [Γ](∀α : κ. A0) ≡ [Γ](∀α : κ. B0) ⊣ Δ         By definition of substitution

• Case ExistsWF: Similar to the ForallWF case. (This is the Exists entry in the table.)

• Case BinWF:

   If BinWF also concluded the second derivation, then the proof is similar to the ImpliesWF case, but on the first premise, using the i.h. instead of Lemma 94 (Completeness of Propequiv). This is the 2.Bins entry in the lower right corner of the table.

   If BinWF did not conclude the second derivation, we are in the 2.AEx.Bin or 2.BEx.Bin entries; see below.

In the remainder, we cover the 4×4 region in the lower right corner, starting from 2.Units. We already handled the 2.Bins entry in the extreme lower right corner. At this point, we split on the forms of [Γ]A and [Γ]B instead; in the remaining cases, one or both types is atomic (e.g. 2.Uvars, 2.AEx.Bin) and we will not need to use the induction hypothesis.

• Case 2.Units: [Γ]A = [Γ]B = 1

   ☞ Γ ⊢ 1 ≡ 1 ⊣ Γ                                    By ≡Unit
      Γ → Ω                                           Given
      Let Ω' = Ω.
   ☞ Δ → Ω'                                           Δ = Γ
   ☞ Ω → Ω'                                           By Lemma 32 (Extension Reflexivity) and Ω' = Ω

• Case 2.Uvars: [Γ]A = [Γ]B = α

      Γ → Ω                                           Given
      Let Ω' = Ω.
   ☞ Γ ⊢ α ≡ α ⊣ Γ                                    By ≡Var
   ☞ Δ → Ω'                                           Δ = Γ
   ☞ Ω → Ω'                                           By Lemma 32 (Extension Reflexivity) and Ω' = Ω

• Case 2.AEx.Unit: [Γ]A = α̂ and [Γ]B = 1

      Γ → Ω                                           Given
      1 = [Ω]1                                        By definition of substitution
      α̂ ∉ FV(1)                                       By definition of FV(−)
      [Ω]α̂ = [Ω]1                                     Given
      Γ ⊢ α̂ := 1 : ★ ⊣ Δ                              By Lemma 90 (Completeness of Instantiation)
   ☞ Ω → Ω'                                           ″
   ☞ Δ → Ω'                                           ″
      1 = [Γ]1                                        By definition of substitution
      α̂ ∉ FV(1)                                       By definition of FV(−)
   ☞ Γ ⊢ α̂ ≡ 1 ⊣ Δ                                    By ≡InstantiateL

• Case 2.BEx.Unit: [Γ]A = 1 and [Γ]B = β̂
   Symmetric to the 2.AEx.Unit case.

• Case 2.AEx.Uvar: [Γ]A = α̂ and [Γ]B = β
   Similar to the 2.AEx.Unit case, using β = [Ω]β = [Γ]β and α̂ ∉ FV(β).

• Case 2.BEx.Uvar: [Γ]A = α and [Γ]B = β̂
   Symmetric to the 2.AEx.Uvar case.

• Case 2.AEx.SameEx: [Γ]A = α̂ = β̂ = [Γ]B

      Γ ⊢ α̂ ≡ α̂ ⊣ Γ                                   By ≡Exvar
      [Γ]α̂ = α̂                                        α̂ unsolved in Γ
   ☞ Γ ⊢ [Γ]α̂ ≡ [Γ]β̂ ⊣ Γ                             By above equality + α̂ = β̂
      Γ → Ω                                           Given
   ☞ Δ → Ω                                            Δ = Γ
      Let Ω' = Ω.
   ☞ Ω → Ω'                                           By Lemma 32 (Extension Reflexivity) and Ω' = Ω

• Case 2.AEx.OtherEx: [Γ]A = α̂ and [Γ]B = β̂ and α̂ ≠ β̂

   Either α̂ ∈ FV([Γ]β̂), or α̂ ∉ FV([Γ]β̂).

   – α̂ ∈ FV([Γ]β̂):
      We have α̂ ≼ [Γ]β̂.
      Therefore α̂ = [Γ]β̂, or α̂ ≺ [Γ]β̂.
      But we are in Case 2.AEx.OtherEx, so the former is impossible.
      Therefore, α̂ ≺ [Γ]β̂.
      By a property of substitutions, [Ω]α̂ ≺ [Ω][Γ]β̂.
      Since Γ → Ω, by Lemma 29 (Substitution Monotonicity) (iii), [Ω][Γ]β̂ = [Ω]β̂, so [Ω]α̂ ≺ [Ω]β̂.
      But it is given that [Ω]α̂ = [Ω]β̂, a contradiction.

   – α̂ ∉ FV([Γ]β̂):

         Γ ⊢ α̂ := [Γ]β̂ : ★ ⊣ Δ                        By Lemma 90 (Completeness of Instantiation)
      ☞ Γ ⊢ α̂ ≡ [Γ]β̂ ⊣ Δ                              By ≡InstantiateL
      ☞ Δ → Ω'                                        ″
      ☞ Ω → Ω'                                        ″

• Case 2.AEx.Bin: [Γ]A = α̂ and [Γ]B = B1 ⊕ B2

   Since [Γ]B has a binary connective at its head, it cannot be exactly α̂. By the same reasoning as in the previous case (2.AEx.OtherEx), α̂ ∉ FV([Γ]B).

         Γ ⊢ α̂ := [Γ]B : ★ ⊣ Δ                        By Lemma 90 (Completeness of Instantiation)
      ☞ Δ → Ω'                                        ″
      ☞ Ω → Ω'                                        ″
      ☞ Γ ⊢ [Γ]A ≡ [Γ]B ⊣ Δ                           By ≡InstantiateL, with [Γ]B = B1 ⊕ B2

• Case 2.BEx.Bin: [Γ]A = A1 ⊕ A2 and [Γ]B = β̂
   Symmetric to the 2.AEx.Bin case, applying ≡InstantiateR instead of ≡InstantiateL. □


Theorem 9 (Completeness of Subtyping).
If Γ → Ω and dom(Γ) = dom(Ω) and Γ ⊢ A type and Γ ⊢ B type
and [Ω]Γ ⊢ [Ω]A ≤± [Ω]B
then there exist Δ and Ω' such that Δ → Ω'
and dom(Δ) = dom(Ω')
and Ω → Ω'
and Γ ⊢ [Γ]A <:± [Γ]B ⊣ Δ.

Proof. By induction on the number of ∀/∃ quantifiers in [Ω]A and [Ω]B.

It is straightforward to show dom(Δ) = dom(Ω'); for examples of the necessary reasoning, see the proof of Theorem 11 (Completeness of Algorithmic Typing).

• Case
       [Ω]Γ ⊢ [Ω]A type    nonpos([Ω]A)
       --------------------------------- ≤Refl−
            [Ω]Γ ⊢ [Ω]A ≤− [Ω]A
                           ╰─ [Ω]B

   First, we observe that, since applying Ω as a substitution leaves quantifiers alone, the quantifiers that head A must also head B. For convenience, we alpha-vary B to quantify over the same variables as A.

   We have [Ω]Γ ⊢ [Ω]A ≤± [Ω]B.

   – If A is headed by ∀, then [Ω]A = (∀α : κ. [Ω]A0) = (∀α : κ. [Ω]B0) = [Ω]B.
     Let Γ0 = (Γ, α : κ, ►α̂, α̂ : κ).
     Let Ω0 = (Ω, α : κ, ►α̂, α̂ : κ = α).

     If pol(A0) ∈ {−, 0}, then:
     (We elide the straightforward use of lemmas about context extension.)

         [Ω0]Γ0 ⊢ [Ω]A0 ≤− [Ω]A0                                    By ≤Refl−
         [Ω0]Γ0 ⊢ [Ω0][α̂/α]A0 ≤− [Ω0]A0                             By def. of subst.
         Γ0 ⊢ [Γ0][α̂/α]A0 <:− [Γ0]B0 ⊣ Δ0                           By i.h. (fewer quantifiers)
         Γ0 ⊢ [α̂/α][Γ0]A0 <:− [Γ0]B0 ⊣ Δ0                           α̂ unsolved in Γ0
         Γ0 ⊢ [α̂/α][Γ]A0 <:− [Γ]B0 ⊣ Δ0                             Γ0 substitutes as Γ
         Γ, α : κ ⊢ ∀α : κ. [Γ]A0 <:− [Γ]B0 ⊣ Δ, α : κ, Θ            By <:∀L
         Γ ⊢ ∀α : κ. [Γ]A0 <:− ∀α : κ. [Γ]B0 ⊣ Δ                    By <:∀R
      ☞ Γ ⊢ [Γ](∀α : κ. A0) <:− [Γ](∀α : κ. B0) ⊣ Δ                  By def. of subst.
      ☞ Δ → Ω'                                                      By lemmas about context extension
      ☞ Ω → Ω'                                                      By lemmas about context extension

     If pol(A0) = +, then proceed as above, but apply ≤Refl+ instead of ≤Refl−, and apply <:−+L after applying the i.h. (Rule <:−+R also works.)

   – If A is not headed by ∀:

     We have nonpos([Ω]A). Therefore nonpos(A), and thus A is not headed by ∃. Since the same quantifiers must also head B, the conditions in rule <:Equiv are satisfied.

         Γ → Ω                                                      Given
         Γ ⊢ [Γ]A ≡ [Γ]B ⊣ Δ                                        By Lemma 96 (Completeness of Equiv)
      ☞ Δ → Ω'                                                      ″
      ☞ Ω → Ω'                                                      ″
      ☞ Γ ⊢ [Γ]A <:− [Γ]B ⊣ Δ                                       By <:Equiv

• Case ≤Refl+: Symmetric to the ≤Refl− case, using <:+−L (or <:+−R), and <:∃R, <:∃L instead of <:∀L, <:∀R.

• Case
       [Ω]Γ ⊢ t : κ    [Ω]Γ ⊢ [t/α][Ω]A0 ≤− [Ω]B
       ------------------------------------------- ≤∀L
             [Ω]Γ ⊢ ∀α : κ. [Ω]A0 ≤− [Ω]B
                     ╰──── [Ω]A ────╯

   We begin by considering whether or not [Ω]B is headed by a universal quantifier.

   – [Ω]B = (∀β : κ'. B'):

         [Ω]Γ, β : κ' ⊢ [Ω]A ≤− B'                                  By the Subtyping Inversion lemma

     The remaining steps are similar to the ≤∀R case.

   – [Ω]B not headed by ∀:

         [Ω]Γ ⊢ t : κ                                               Subderivation
         Γ → Ω                                                      Given
         Γ, ►α̂ → Ω, ►α̂                                              By →Marker
         Γ, ►α̂, α̂ : κ → Ω, ►α̂, α̂ : κ = t                             By →Solve
                         ╰──────── Ω0 ────────╯
         [Ω]Γ = [Ω0](Γ, ►α̂, α̂ : κ)                                  By definition of context application
         [Ω]Γ ⊢ [t/α][Ω]A0 ≤− [Ω]B                                  Subderivation
         [Ω0](Γ, ►α̂, α̂ : κ) ⊢ [t/α][Ω]A0 ≤− [Ω]B                    By above equality
         [Ω0](Γ, ►α̂, α̂ : κ) ⊢ [[Ω0]α̂/α][Ω]A0 ≤− [Ω]B                By definition of substitution
         [Ω0](Γ, ►α̂, α̂ : κ) ⊢ [[Ω0]α̂/α][Ω0]A0 ≤− [Ω0]B              By definition of substitution
         [Ω0](Γ, ►α̂, α̂ : κ) ⊢ [Ω0][α̂/α]A0 ≤− [Ω0]B                  By distributivity of substitution
         Γ, ►α̂, α̂ : κ ⊢ [Γ, ►α̂, α̂ : κ][α̂/α]A0 <:− [Γ, ►α̂, α̂ : κ]B ⊣ Δ0   By i.h. (A lost a quantifier)
         Δ0 → Ω″                                                    ″
         Ω0 → Ω″                                                    ″
         Γ, ►α̂, α̂ : κ ⊢ [Γ][α̂/α]A0 <:− [Γ]B ⊣ Δ0                    By definition of substitution
         Γ, ►α̂, α̂ : κ → Δ0                                           By Lemma 50 (Subtyping Extension)
         Δ0 = (Δ, ►α̂, Θ)                                             By Lemma 22 (Extension Inversion) (ii)
         Γ → Δ                                                      ″
         Ω″ = (Ω', ►α̂, ΩZ)                                           By Lemma 22 (Extension Inversion) (ii)
         Δ → Ω'                                                     ″
         Ω0 → Ω″                                                    Above
         Ω, ►α̂, α̂ : κ = t → Ω', ►α̂, ΩZ                                By above equalities
      ☞ Ω → Ω'                                                      By Lemma 22 (Extension Inversion) (ii)
         Γ, ►α̂, α̂ : κ ⊢ [Γ][α̂/α]A0 <:− [Γ]B ⊣ Δ, ►α̂, Θ               By above equality Δ0 = (Δ, ►α̂, Θ)
         Γ, ►α̂, α̂ : κ ⊢ [α̂/α][Γ]A0 <:− [Γ]B ⊣ Δ, ►α̂, Θ               By def. of subst. ([Γ]α̂ = α̂ and [Γ]α = α)
         [Γ]B not headed by ∀                                        From the case assumption
         Γ ⊢ ∀α : κ. [Γ]A0 <:− [Γ]B ⊣ Δ                              By <:∀L
      ☞ Γ ⊢ [Γ](∀α : κ. A0) <:− [Γ]B ⊣ Δ                             By definition of substitution

• Case
       [Ω]Γ, β : κ ⊢ [Ω]A ≤− [Ω]B0
       ------------------------------------ ≤∀R
       [Ω]Γ ⊢ [Ω]A ≤− ∀β : κ. [Ω]B0
                      ╰──── [Ω]B ────╯

         B = ∀β : κ. B0                                             Ω predicative
         [Ω]Γ ⊢ [Ω]A ≤− [Ω]B                                        Given
         [Ω]Γ ⊢ [Ω]A ≤− ∀β : κ. [Ω]B0                               By above equality
         [Ω]Γ, β : κ ⊢ [Ω]A ≤− [Ω]B0                                Subderivation
         [Ω, β : κ](Γ, β : κ) ⊢ [Ω, β : κ]A ≤− [Ω, β : κ]B0          By definitions of substitution
         Γ, β : κ ⊢ [Γ, β : κ]A <:− [Γ, β : κ]B0 ⊣ Δ'                By i.h. (B lost a quantifier)
         Δ' → Ω0'                                                   ″
         Ω, β : κ → Ω0'                                             ″
         Γ, β : κ ⊢ [Γ]A <:− [Γ]B0 ⊣ Δ'                             By definition of substitution
         Γ, β : κ → Δ'                                              By Lemma 50 (Subtyping Extension)
         Δ' = (Δ, β : κ, Θ)                                         By Lemma 22 (Extension Inversion) (i)
         Γ → Δ                                                      ″
         Δ, β : κ, Θ → Ω0'                                          By Δ' → Ω0' and above equality
         Ω0' = (Ω', β : κ, ΩR)                                      By Lemma 22 (Extension Inversion) (i)
      ☞ Δ → Ω'                                                      ″
         Γ, β : κ ⊢ [Γ]A <:− [Γ]B0 ⊣ Δ, β : κ, Θ                     By above equality
         Ω, β : κ → Ω', β : κ, ΩR                                    By above equality
      ☞ Ω → Ω'                                                      By Lemma 22 (Extension Inversion) (i)
         Γ ⊢ [Γ]A <:− ∀β : κ. [Γ]B0 ⊣ Δ                             By <:∀R
      ☞ Γ ⊢ [Γ]A <:− [Γ](∀β : κ. B0) ⊣ Δ                            By definition of substitution

• Case
       [Ω]Γ, α : κ ⊢ [Ω]A0 ≤+ [Ω]B
       ---------------------------------- ≤∃L
       [Ω]Γ ⊢ ∃α : κ. [Ω]A0 ≤+ [Ω]B
              ╰──── [Ω]A ────╯

         A = ∃α : κ. A0                                             Ω predicative
         [Ω]Γ ⊢ [Ω]A ≤+ [Ω]B                                        Given
         [Ω]Γ ⊢ [Ω](∃α : κ. A0) ≤+ [Ω]B                             By above equality
         [Ω]Γ, α : κ ⊢ [Ω]A0 ≤+ [Ω]B                                Subderivation
         [Ω, α : κ](Γ, α : κ) ⊢ [Ω, α : κ]A0 ≤+ [Ω, α : κ]B          By definitions of substitution
         Γ, α : κ ⊢ [Γ, α : κ]A0 <:+ [Γ, α : κ]B ⊣ Δ'                By i.h. (A lost a quantifier)
         Δ' → Ω0'                                                   ″
         Ω, α : κ → Ω0'                                             ″
         Γ, α : κ ⊢ [Γ]A0 <:+ [Γ]B ⊣ Δ'                             By definition of substitution
         Γ, α : κ → Δ'                                              By Lemma 50 (Subtyping Extension)
         Δ' = (Δ, α : κ, Θ)                                         By Lemma 22 (Extension Inversion) (i)
         Γ → Δ                                                      ″
         Δ, α : κ, Θ → Ω0'                                          By Δ' → Ω0' and above equality
         Ω0' = (Ω', α : κ, ΩR)                                      By Lemma 22 (Extension Inversion) (i)
      ☞ Δ → Ω'                                                      ″
         Γ, α : κ ⊢ [Γ]A0 <:+ [Γ]B ⊣ Δ, α : κ, Θ                     By above equality
         Ω, α : κ → Ω', α : κ, ΩR                                    By above equality
      ☞ Ω → Ω'                                                      By Lemma 22 (Extension Inversion) (i)
         Γ ⊢ ∃α : κ. [Γ]A0 <:+ [Γ]B ⊣ Δ                             By <:∃L
      ☞ Γ ⊢ [Γ](∃α : κ. A0) <:+ [Γ]B ⊣ Δ                            By definition of substitution

• Case
       [Ω]Γ ⊢ t : κ    [Ω]Γ ⊢ [Ω]A ≤+ [t/β]B0
       ---------------------------------------- ≤∃R
            [Ω]Γ ⊢ [Ω]A ≤+ ∃β : κ. B0
                           ╰── [Ω]B ──╯

   We consider whether [Ω]A is headed by an existential.

   – If [Ω]A = ∃α : κ'. A':

         [Ω]Γ, α : κ' ⊢ A' ≤+ [Ω]B                                  By the Subtyping Inversion lemma

     The remaining steps are similar to the ≤∃L case.

   – If [Ω]A not headed by ∃:

         [Ω]Γ ⊢ t : κ                                               Subderivation
         Γ → Ω                                                      Given
         Γ, ►α̂ → Ω, ►α̂                                              By →Marker
         Γ, ►α̂, α̂ : κ → Ω, ►α̂, α̂ : κ = t                             By →Solve
                         ╰──────── Ω0 ────────╯
         [Ω]Γ = [Ω0](Γ, ►α̂, α̂ : κ)                                  By definition of context application
         [Ω]Γ ⊢ [Ω]A ≤+ [t/β][Ω]B0                                  Subderivation
         [Ω0](Γ, ►α̂, α̂ : κ) ⊢ [Ω]A ≤+ [t/β][Ω]B0                    By above equality
         [Ω0](Γ, ►α̂, α̂ : κ) ⊢ [Ω]A ≤+ [[Ω0]α̂/β][Ω]B0                By definition of substitution
         [Ω0](Γ, ►α̂, α̂ : κ) ⊢ [Ω0]A ≤+ [[Ω0]α̂/β][Ω0]B0              By definition of substitution
         [Ω0](Γ, ►α̂, α̂ : κ) ⊢ [Ω0]A ≤+ [Ω0][α̂/β]B0                  By distributivity of substitution
         Γ, ►α̂, α̂ : κ ⊢ [Γ, ►α̂, α̂ : κ]A <:+ [Γ, ►α̂, α̂ : κ][α̂/β]B0 ⊣ Δ0   By i.h. (B lost a quantifier)
         Δ0 → Ω″                                                    ″
         Ω0 → Ω″                                                    ″
         Γ, ►α̂, α̂ : κ ⊢ [Γ]A <:+ [Γ][α̂/β]B0 ⊣ Δ0                    By definition of substitution
         Γ, ►α̂, α̂ : κ → Δ0                                           By Lemma 50 (Subtyping Extension)
         Δ0 = (Δ, ►α̂, Θ)                                             By Lemma 22 (Extension Inversion) (ii)
         Γ → Δ                                                      ″
         Ω″ = (Ω', ►α̂, ΩZ)                                           By Lemma 22 (Extension Inversion) (ii)
         Δ → Ω'                                                     ″
         Ω0 → Ω″                                                    Above
         Ω, ►α̂, α̂ : κ = t → Ω', ►α̂, ΩZ                                By above equalities
      ☞ Ω → Ω'                                                      By Lemma 22 (Extension Inversion) (ii)
         Γ, ►α̂, α̂ : κ ⊢ [Γ]A <:+ [Γ][α̂/β]B0 ⊣ Δ, ►α̂, Θ               By above equality Δ0 = (Δ, ►α̂, Θ)
         Γ, ►α̂, α̂ : κ ⊢ [Γ]A <:+ [α̂/β][Γ]B0 ⊣ Δ, ►α̂, Θ               By def. of subst. ([Γ]α̂ = α̂ and [Γ]β = β)
         [Γ]A not headed by ∃                                        From the case hypothesis
         Γ ⊢ [Γ]A <:+ ∃β : κ. [Γ]B0 ⊣ Δ                              By <:∃R
      ☞ Γ ⊢ [Γ]A <:+ [Γ](∃β : κ. B0) ⊣ Δ                             By definition of substitution  □


L′.3 Completeness of Typing

Theorem 10 (Completeness of Match Coverage).

1. If [Ω]Γ ⊢ [Ω]Π covers [Ω]A⃗ and Γ → Ω and Γ ⊢ A⃗ ! types and [Γ]A⃗ = A⃗
   then Γ ⊢ Π covers A⃗.

2. If [Ω]Γ / [Ω]P ⊢ [Ω]Π covers [Ω]A⃗ and Γ → Ω and Γ ⊢ A⃗ ! types and [Γ]A⃗ = A⃗ and [Γ]P = P
   then Γ / P ⊢ Π covers A⃗.

Proof. By mutual induction on the derivation of the given coverage rule.

1.

   • Case
          ------------------------------- DeclCoversEmpty
          [Ω]Γ ⊢ (· ⇒ e1 ‖ Π) covers ·

     Apply CoversEmpty.

   • Cases DeclCoversVar, DeclCovers1, DeclCovers×, DeclCovers+, DeclCovers∃, DeclCovers∧, DeclCoversVec:

     Use the i.h. and apply the corresponding algorithmic coverage rule.

2.

   • Case
          θ = mgu(t1, t2)    [θ][Ω]Γ ⊢ [θ][Ω]Π covers [θ]A⃗
          ---------------------------------------------------- DeclCoversEq
             [Ω]Γ / [Ω](t1 = t2) ⊢ [Ω]Π covers A⃗

         mgu(t1, t2) = θ                                    Premise
         Γ / t1 ≐ t2 : κ ⊣ Γ, Θ                              By Lemma 92 (Completeness of Elimeq) (1)
         Γ / [Γ]t1 ≐ [Γ]t2 : κ ⊣ Γ, Θ                        Follows from given assumption
         [θ][Ω]Γ ⊢ [θ][Ω]Π covers [θ]A⃗                       Subderivation
         [θ][Ω]Γ = [Ω, Θ](Γ, Θ)                              By Lemma 93 (Substitution Upgrade) (iii)
         [θ][Ω]Π = [Ω, Θ]Π                                   By Lemma 93 (Substitution Upgrade) (iv)
         [θ]A⃗ = [Γ, Θ]A⃗                                      By Lemma 93 (Substitution Upgrade) (i)
         [Ω, Θ](Γ, Θ) ⊢ [Ω, Θ]Π covers [Γ, Θ]A⃗               By above equalities
         Γ, Θ ⊢ [Γ, Θ]Π covers [Γ, Θ]A⃗                       By i.h.
      ☞ Γ / t1 = t2 ⊢ Π covers A⃗                            By CoversEq

   • Case
          mgu(t1, t2) = ⊥
          ------------------------------------------- DeclCoversEq⊥
          [Ω]Γ / [Ω](t1 = t2) ⊢ [Ω]Π covers A⃗

         mgu(t1, t2) = ⊥                                    Premise
         Γ / t1 ≐ t2 : κ ⊣ ⊥                                By Lemma 92 (Completeness of Elimeq) (2)
         Γ / [Γ]t1 ≐ [Γ]t2 : κ ⊣ ⊥                          Follows from given assumption
      ☞ Γ / t1 = t2 ⊢ Π covers A⃗                            By CoversEq⊥

Theorem 11 (Completeness of Algorithmic Typing). Given Γ → Ω such that dom(Γ) = dom(Ω):

(i)   If Γ ⊢ A p type and [Ω]Γ ⊢ [Ω]e ⇐ [Ω]A p and p' ⊑ p
      then there exist Δ and Ω'
      such that Δ → Ω' and dom(Δ) = dom(Ω') and Ω → Ω'
      and Γ ⊢ e ⇐ [Γ]A p' ⊣ Δ.

(ii)  If Γ ⊢ A p type and [Ω]Γ ⊢ [Ω]e ⇒ A p
      then there exist Δ, Ω', A', and p' ⊑ p
      such that Δ → Ω' and dom(Δ) = dom(Ω') and Ω → Ω'
      and Γ ⊢ e ⇒ A' p' ⊣ Δ and A' = [Δ]A' and A = [Ω']A'.

(iii) If Γ ⊢ A p type and [Ω]Γ ⊢ [Ω]s : [Ω]A p ≫ B q and p' ⊑ p
      then there exist Δ, Ω', B' and q' ⊑ q
      such that Δ → Ω' and dom(Δ) = dom(Ω') and Ω → Ω'
      and Γ ⊢ s : [Γ]A p' ≫ B' q' ⊣ Δ and B' = [Δ]B' and B = [Ω']B'.

(iv)  If Γ ⊢ A p type and [Ω]Γ ⊢ [Ω]s : [Ω]A p ≫ B [q] and p' ⊑ p
      then there exist Δ, Ω', B', and q' ⊑ q
      such that Δ → Ω' and dom(Δ) = dom(Ω') and Ω → Ω'
      and Γ ⊢ s : [Γ]A p' ≫ B' [q'] ⊣ Δ and B' = [Δ]B' and B = [Ω']B'.

(v)   If Γ ⊢ A⃗ ! types and Γ ⊢ C p type and [Ω]Γ ⊢ [Ω]Π :: [Ω]A⃗ ⇐ [Ω]C p and p' ⊑ p
      then there exist Δ, Ω', and C
      such that Δ → Ω' and dom(Δ) = dom(Ω') and Ω → Ω'
      and Γ ⊢ Π :: [Γ]A⃗ ⇐ [Γ]C p' ⊣ Δ.

(vi)  If Γ ⊢ A⃗ ! types and Γ ⊢ P prop and FEV(P) = ∅ and Γ ⊢ C p type
      and [Ω]Γ / [Ω]P ⊢ [Ω]Π :: [Ω]A⃗ ⇐ [Ω]C p
      and p' ⊑ p
      then there exist Δ, Ω', and C
      such that Δ → Ω' and dom(Δ) = dom(Ω') and Ω → Ω'
      and Γ / [Γ]P ⊢ Π :: [Γ]A⃗ ⇐ [Γ]C p' ⊣ Δ.

Proof. By induction, using the measure in Definition 7.


• Case DeclVar:
  $$\frac{(x : A\ p) \in [\Omega]\Gamma}{[\Omega]\Gamma \vdash x \Rightarrow A\ p}\ \text{DeclVar}$$

  $(x : A\ p) \in [\Omega]\Gamma$    Premise
  $\Gamma \longrightarrow \Omega$    Given
  $(x : A'\ p) \in \Gamma$ where $[\Omega]A' = A$    From definition of context application
  Let $\Delta = \Gamma$.
  Let $\Omega' = \Omega$.
  ☞ $\Gamma \longrightarrow \Omega$    Given
  ☞ $\Omega \longrightarrow \Omega$    By Lemma 32 (Extension Reflexivity)
  ☞ $\Gamma \vdash x \Rightarrow [\Gamma]A'\ p \dashv \Gamma$    By Var
  ☞ $[\Gamma]A' = [\Gamma][\Gamma]A'$    By idempotence of substitution
  ☞ $\mathsf{dom}(\Gamma) = \mathsf{dom}(\Omega)$    Given
  $\Gamma \longrightarrow \Omega$    Given
  $[\Omega][\Gamma]A' = [\Omega]A'$    By Lemma 29 (Substitution Monotonicity) (iii)
  ☞ $\phantom{[\Omega][\Gamma]A'} = A$    By above equality

• Case DeclSub:
  $$\frac{[\Omega]\Gamma \vdash [\Omega]e \Rightarrow B\ q \qquad [\Omega]\Gamma \vdash B \le^{\pm} [\Omega]A}{[\Omega]\Gamma \vdash [\Omega]e \Leftarrow [\Omega]A\ p}\ \text{DeclSub}$$

  $[\Omega]\Gamma \vdash [\Omega]e \Rightarrow B\ q$    Subderivation
  $\Gamma \vdash e \Rightarrow B'\ q \dashv \Theta$    By i.h.
  $B = [\Omega_0]B'$    ″
  $\Theta \longrightarrow \Omega_0$    ″
  $\Omega \longrightarrow \Omega_0$    ″
  $\mathsf{dom}(\Theta) = \mathsf{dom}(\Omega_0)$    ″
  $\Gamma \longrightarrow \Omega$    Given
  $\Gamma \longrightarrow \Omega_0$    By Lemma 33 (Extension Transitivity)
  $[\Omega]\Gamma \vdash B \le^{\pm} [\Omega]A$    Subderivation
  $[\Omega]\Gamma = [\Omega_0]\Theta$    By Lemma 56 (Confluence of Completeness)
  $[\Omega_0]\Theta \vdash B \le^{\pm} [\Omega]A$    By above equalities
  $\Theta \longrightarrow \Omega_0$    Above
  $\Theta \vdash B' \mathrel{<:^{\pm}} A \dashv \Delta$    By Theorem 9 (Completeness of Subtyping)
  $\Omega_0 \longrightarrow \Omega'$    ″
  ☞ $\mathsf{dom}(\Delta) = \mathsf{dom}(\Omega')$    ″
  ☞ $\Delta \longrightarrow \Omega'$    ″
  ☞ $\Omega \longrightarrow \Omega'$    By Lemma 33 (Extension Transitivity)
  ☞ $\Gamma \vdash e \Leftarrow A\ p \dashv \Delta$    By Sub


• Case DeclAnno:
  $$\frac{[\Omega]\Gamma \vdash [\Omega]A\ \mathsf{type} \qquad [\Omega]\Gamma \vdash [\Omega]e_0 \Leftarrow [\Omega]A\ !}{[\Omega]\Gamma \vdash [\Omega](e_0 : A) \Rightarrow [\Omega]A\ !}\ \text{DeclAnno}$$

  $[\Omega]\Gamma \vdash [\Omega]e_0 \Leftarrow [\Omega]A\ !$    Subderivation
  $[\Omega]A = [\Omega][\Gamma]A$    By Lemma 29 (Substitution Monotonicity)
  $[\Omega]\Gamma \vdash [\Omega]e_0 \Leftarrow [\Omega][\Gamma]A\ !$    By above equality
  $\Gamma \vdash e_0 \Leftarrow [\Gamma]A\ ! \dashv \Delta$    By i.h.
  ☞ $\Delta \longrightarrow \Omega'$    ″
  ☞ $\Omega \longrightarrow \Omega'$    ″
  ☞ $\mathsf{dom}(\Delta) = \mathsf{dom}(\Omega')$    ″
  $\Gamma \vdash A\ !\ \mathsf{type}$    Given
  ☞ $\Gamma \vdash (e_0 : A) \Rightarrow [\Delta]A\ ! \dashv \Delta$    By Anno
  ☞ $[\Delta]A = [\Delta][\Delta]A$    By idempotence of substitution
  $[\Omega]A = [\Omega']A$    By Lemma 55 (Completing Completeness) (ii)
  ☞ $\phantom{[\Omega]A} = [\Omega'][\Delta]A$    By Lemma 29 (Substitution Monotonicity)

• Case Decl1I:
  $$\frac{}{[\Omega]\Gamma \vdash () \Leftarrow 1\ p}\ \text{Decl1I}$$

  We have $[\Omega]A = 1$. Either $[\Gamma]A = 1$, or $[\Gamma]A = \hat\alpha$ where $\hat\alpha \in \mathsf{unsolved}(\Gamma)$.

  In the former case:
  Let $\Delta = \Gamma$.
  Let $\Omega' = \Omega$.
  ☞ $\Gamma \longrightarrow \Omega$    Given
  ☞ $\Omega \longrightarrow \Omega'$    By Lemma 32 (Extension Reflexivity)
  ☞ $\mathsf{dom}(\Gamma) = \mathsf{dom}(\Omega)$    Given
  $\Gamma \vdash () \Leftarrow 1\ p \dashv \Gamma$    By 1I
  ☞ $\Gamma \vdash () \Leftarrow [\Gamma]1\ p \dashv \Gamma$    $1 = [\Gamma]1$

  In the latter case, since $A = \hat\alpha$ and $\Gamma \vdash \hat\alpha\ p\ \mathsf{type}$ is given, it must be the case that $p = \not!$.
  $\Gamma_0[\hat\alpha : \star] \vdash () \Leftarrow \hat\alpha\ \not! \dashv \Gamma_0[\hat\alpha : \star = 1]$    By 1I$\hat\alpha$
  ☞ $\Gamma_0[\hat\alpha : \star] \vdash () \Leftarrow [\Gamma_0[\hat\alpha : \star]]\hat\alpha\ \not! \dashv \Gamma_0[\hat\alpha : \star = 1]$    By def. of subst.
  $\Gamma_0[\hat\alpha : \star] \longrightarrow \Omega$    Given
  ☞ $\Gamma_0[\hat\alpha : \star = 1] \longrightarrow \Omega$    By Lemma 27 (Parallel Extension Solution)
  ☞ $\Omega \longrightarrow \Omega$    By Lemma 32 (Extension Reflexivity)

• Case Decl∀I:
  $$\frac{v\ \text{chk-I} \qquad [\Omega]\Gamma, \alpha : \kappa \vdash [\Omega]v \Leftarrow A_0\ p}{[\Omega]\Gamma \vdash [\Omega]v \Leftarrow \forall\alpha : \kappa.\ A_0\ p}\ \text{Decl∀I}$$

  $[\Omega]A = \forall\alpha : \kappa.\ A_0$    Given
  $\phantom{[\Omega]A} = \forall\alpha : \kappa.\ [\Omega]A'$    By def. of subst. and predicativity of $\Omega$
  $A_0 = [\Omega]A'$    Follows from above equality
  $[\Omega]\Gamma, \alpha : \kappa \vdash [\Omega]v \Leftarrow [\Omega]A'\ p$    Subderivation and above equality
  $\Gamma \longrightarrow \Omega$    Given
  $\Gamma, \alpha : \kappa \longrightarrow \Omega, \alpha : \kappa$    By $\longrightarrow$Uvar
  $[\Omega]\Gamma, \alpha : \kappa = [\Omega, \alpha : \kappa](\Gamma, \alpha : \kappa)$    By definition of context substitution
  $[\Omega, \alpha : \kappa](\Gamma, \alpha : \kappa) \vdash [\Omega]v \Leftarrow [\Omega]A'\ p$    By above equality
  $[\Omega, \alpha : \kappa](\Gamma, \alpha : \kappa) \vdash [\Omega]v \Leftarrow [\Omega, \alpha : \kappa]A'\ p$    By definition of substitution
  $\Gamma, \alpha : \kappa \vdash v \Leftarrow [\Gamma, \alpha : \kappa]A'\ p \dashv \Delta'$    By i.h.
  $\Delta' \longrightarrow \Omega'_0$    ″
  $\Omega, \alpha : \kappa \longrightarrow \Omega'_0$    ″
  $\mathsf{dom}(\Delta') = \mathsf{dom}(\Omega'_0)$    ″
  $\Gamma, \alpha : \kappa \longrightarrow \Delta'$    By Lemma 51 (Typing Extension)
  $\Delta' = (\Delta, \alpha : \kappa, \Theta)$    By Lemma 22 (Extension Inversion) (i)
  $\Delta, \alpha : \kappa, \Theta \longrightarrow \Omega'_0$    By above equality
  $\Omega'_0 = (\Omega', \alpha : \kappa, \Omega_Z)$    By Lemma 22 (Extension Inversion) (i)
  ☞ $\Delta \longrightarrow \Omega'$    ″
  ☞ $\mathsf{dom}(\Delta) = \mathsf{dom}(\Omega')$    ″
  ☞ $\Omega \longrightarrow \Omega'$    By Lemma 22 (Extension Inversion) on $\Omega, \alpha : \kappa \longrightarrow \Omega'_0$
  $\Gamma, \alpha : \kappa \vdash v \Leftarrow [\Gamma, \alpha : \kappa]A'\ p \dashv \Delta, \alpha : \kappa, \Theta$    By above equality
  $\Gamma, \alpha : \kappa \vdash v \Leftarrow [\Gamma]A'\ p \dashv \Delta, \alpha : \kappa, \Theta$    By definition of substitution
  $\Gamma \vdash v \Leftarrow \forall\alpha : \kappa.\ [\Gamma]A'\ p \dashv \Delta$    By ∀I
  ☞ $\Gamma \vdash v \Leftarrow [\Gamma](\forall\alpha : \kappa.\ A')\ p \dashv \Delta$    By definition of substitution

• Case Decl∀Spine:
  $$\frac{[\Omega]\Gamma \vdash \tau : \kappa \qquad [\Omega]\Gamma \vdash [\Omega](e\ s_0) : [\tau/\alpha][\Omega]A_0\ \not! \gg B\ q}{[\Omega]\Gamma \vdash [\Omega](e\ s_0) : \forall\alpha : \kappa.\ [\Omega]A_0\ p \gg B\ q}\ \text{Decl∀Spine}$$

  $[\Omega]\Gamma \vdash \tau : \kappa$    Subderivation
  $\Gamma \longrightarrow \Omega$    Given
  $\Gamma, \hat\alpha : \kappa \longrightarrow \Omega, \hat\alpha : \kappa = \tau$    By $\longrightarrow$Solve
  $[\Omega]\Gamma \vdash [\Omega](e\ s_0) : [\tau/\alpha][\Omega]A_0\ \not! \gg B\ q$    Subderivation
  $\tau = [\Omega]\tau$    $\mathsf{FEV}(\tau) = \emptyset$
  $[\tau/\alpha][\Omega]A_0 = [\tau/\alpha][\Omega, \hat\alpha : \kappa = \tau]A_0$    By def. of subst.
  $\phantom{[\tau/\alpha][\Omega]A_0} = [[\Omega]\tau/\alpha][\Omega, \hat\alpha : \kappa = \tau]A_0$    By above equality
  $\phantom{[\tau/\alpha][\Omega]A_0} = [\Omega, \hat\alpha : \kappa = \tau][\hat\alpha/\alpha]A_0$    By distributivity of substitution
  $[\Omega]\Gamma = [\Omega, \hat\alpha : \kappa = \tau](\Gamma, \hat\alpha : \kappa)$    By definition of context application
  $[\Omega, \hat\alpha : \kappa = \tau](\Gamma, \hat\alpha : \kappa) \vdash [\Omega](e\ s_0) : [\Omega, \hat\alpha : \kappa = \tau][\hat\alpha/\alpha]A_0\ \not! \gg B\ q$    By above equalities
  $\Gamma, \hat\alpha : \kappa \vdash e\ s_0 : [\Gamma, \hat\alpha : \kappa][\hat\alpha/\alpha]A_0\ \not! \gg B'\ q \dashv \Delta$    By i.h.
  $B = [\Omega, \hat\alpha : \kappa = \tau]B'$    ″
  ☞ $\Delta \longrightarrow \Omega'$    ″
  ☞ $\mathsf{dom}(\Delta) = \mathsf{dom}(\Omega')$    ″
  ☞ $\Omega \longrightarrow \Omega'$    ″
  ☞ $B' = [\Delta]B'$    ″
  ☞ $B = [\Omega']B'$    ″
  $[\Gamma, \hat\alpha : \kappa][\hat\alpha/\alpha]A_0 = [\Gamma][\hat\alpha/\alpha]A_0$    By def. of context application
  $\phantom{[\Gamma, \hat\alpha : \kappa][\hat\alpha/\alpha]A_0} = [\hat\alpha/\alpha][\Gamma]A_0$    $\Gamma$ does not subst. for $\alpha$
  $\Gamma, \hat\alpha : \kappa \vdash e\ s_0 : [\hat\alpha/\alpha][\Gamma]A_0\ \not! \gg B'\ q \dashv \Delta$    By above equality
  $\Gamma \vdash e\ s_0 : \forall\alpha : \kappa.\ [\Gamma]A_0\ p \gg B'\ q \dashv \Delta$    By ∀Spine
  ☞ $\Gamma \vdash e\ s_0 : [\Gamma](\forall\alpha : \kappa.\ A_0)\ p \gg B'\ q \dashv \Delta$    By def. of subst.

• Case Decl⊃I:
  $$\frac{v\ \text{chk-I} \qquad [\Omega]\Gamma \,/\, [\Omega]P \vdash [\Omega]v \Leftarrow [\Omega]A_0\ !}{[\Omega]\Gamma \vdash [\Omega]v \Leftarrow ([\Omega]P) \supset [\Omega]A_0\ !}\ \text{Decl⊃I}$$

  $[\Omega]\Gamma \,/\, [\Omega]P \vdash [\Omega]v \Leftarrow [\Omega]A_0\ !$    Subderivation

  The concluding rule in this subderivation must be DeclCheck⊥ or DeclCheckUnify. In either case, $[\Omega]P$ has the form $(\sigma' = \tau')$ where $\sigma' = [\Omega]\sigma$ and $\tau' = [\Omega]\tau$.

  – Case DeclCheck⊥:
    $$\frac{\mathsf{mgu}([\Omega]\sigma, [\Omega]\tau) = \bot}{[\Omega]\Gamma \,/\, [\Omega](\sigma = \tau) \vdash [\Omega]v \Leftarrow [\Omega]A_0\ !}\ \text{DeclCheck⊥}$$

    We have $\mathsf{mgu}([\Omega]\sigma, [\Omega]\tau) = \bot$. To apply Lemma 92 (Completeness of Elimeq) (2), we need to show conditions 1–5.

    $\Gamma \vdash (\sigma = \tau) \supset A_0\ !\ \mathsf{type}$    Given
    $[\Omega]((\sigma = \tau) \supset A_0) = [\Gamma]((\sigma = \tau) \supset A_0)$    By Lemma 39 (Principal Agreement) (i)
    $[\Omega]\sigma = [\Gamma]\sigma$    By a property of subst.
    $[\Omega]\tau = [\Gamma]\tau$    Similar
    $\Gamma \vdash \sigma : \kappa$    By inversion
    (3) $\Gamma \vdash [\Gamma]\sigma : \kappa$    By Lemma 11 (Right-Hand Substitution for Sorting)
    (4) $\Gamma \vdash [\Gamma]\tau : \kappa$    Similar
    $\mathsf{mgu}([\Omega]\sigma, [\Omega]\tau) = \bot$    Given
    $\mathsf{mgu}([\Gamma]\sigma, [\Gamma]\tau) = \bot$    By above equalities
    $\mathsf{FEV}(\sigma) \cup \mathsf{FEV}(\tau) = \emptyset$    By inversion on $\Gamma \vdash (\sigma = \tau) \supset A_0\ !\ \mathsf{type}$
    $\mathsf{FEV}([\Omega]\sigma) \cup \mathsf{FEV}([\Omega]\tau) = \emptyset$    By a property of complete contexts
    (5) $\mathsf{FEV}([\Gamma]\sigma) \cup \mathsf{FEV}([\Gamma]\tau) = \emptyset$    By above equalities
    (1) $[\Gamma][\Gamma]\sigma = [\Gamma]\sigma$    By idempotence of subst.
    (2) $[\Gamma][\Gamma]\tau = [\Gamma]\tau$    By idempotence of subst.
    $\Gamma \,/\, [\Gamma]\sigma = [\Gamma]\tau : \kappa \dashv \bot$    By Lemma 92 (Completeness of Elimeq) (2)
    $\Gamma, \blacktriangleright_P \,/\, [\Gamma]\sigma = [\Gamma]\tau \dashv \bot$    By ElimpropEq
    $\Gamma \vdash v \Leftarrow ([\Gamma]\sigma = [\Gamma]\tau) \supset [\Gamma]A_0\ ! \dashv \Gamma$    By ⊃I⊥
    ☞ $\Gamma \vdash v \Leftarrow [\Gamma]((\sigma = \tau) \supset A_0)\ ! \dashv \Gamma$    By def. of subst.
    ☞ $\Gamma \longrightarrow \Omega$    Given
    ☞ $\Omega \longrightarrow \Omega$    By Lemma 32 (Extension Reflexivity)
    ☞ $\mathsf{dom}(\Gamma) = \mathsf{dom}(\Omega)$    Given

  – Case DeclCheckUnify:
    $$\frac{\mathsf{mgu}([\Omega]\sigma, [\Omega]\tau) = \theta \qquad \theta([\Omega]\Gamma) \vdash \theta([\Omega]e) \Leftarrow \theta([\Omega]A_0)\ !}{[\Omega]\Gamma \,/\, ([\Omega]\sigma = [\Omega]\tau) \vdash [\Omega]e \Leftarrow [\Omega]A_0\ !}\ \text{DeclCheckUnify}$$

    We have $\mathsf{mgu}([\Omega]\sigma, [\Omega]\tau) = \theta$, and will need to apply Lemma 92 (Completeness of Elimeq) (1). That lemma has five side conditions, which can be shown exactly as in the DeclCheck⊥ case above.

    $\mathsf{mgu}(\sigma, \tau) = \theta$    Premise
    Let $\Omega_0 = (\Omega, \blacktriangleright_P)$.
    $\Gamma \longrightarrow \Omega$    Given
    $\Gamma, \blacktriangleright_P \longrightarrow \Omega_0$    By $\longrightarrow$Marker
    $\mathsf{dom}(\Gamma) = \mathsf{dom}(\Omega)$    Given
    $\mathsf{dom}(\Gamma, \blacktriangleright_P) = \mathsf{dom}(\Omega_0)$    By def. of $\mathsf{dom}(-)$
    $\Gamma, \blacktriangleright_P \,/\, [\Gamma]\sigma = [\Gamma]\tau : \kappa \dashv \Gamma, \blacktriangleright_P, \Theta$    By Lemma 92 (Completeness of Elimeq) (1)
    $\Gamma, \blacktriangleright_P \,/\, [\Gamma]\sigma = [\Gamma]\tau \dashv \Gamma, \blacktriangleright_P, \Theta$    By ElimpropEq
    (EQΘ) for all $\Gamma, \blacktriangleright_P \vdash u : \kappa$: $[\Gamma, \blacktriangleright_P, \Theta]u = \theta([\Gamma, \blacktriangleright_P]u)$    ″
    $\Gamma \vdash P \supset A_0\ !\ \mathsf{type}$    Given
    $\Gamma \vdash A_0\ !\ \mathsf{type}$    By inversion
    $\Gamma \longrightarrow \Omega$    Given
    (EQα) $[\Gamma]A_0 = [\Omega]A_0$    By Lemma 39 (Principal Agreement) (i)
    Let $\Omega_1 = (\Omega, \blacktriangleright_P, \Theta)$.
    $\theta([\Omega]\Gamma) \vdash \theta([\Omega]e) \Leftarrow \theta([\Omega]A_0)\ !$    Subderivation
    $\Gamma, \blacktriangleright_P, \Theta \longrightarrow \Omega_1$    By induction on $\Theta$
    $\theta([\Omega]A_0) = \theta([\Gamma]A_0)$    By above equality (EQα)
    $\phantom{\theta([\Omega]A_0)} = [\Gamma, \blacktriangleright_P, \Theta]A_0$    By Lemma 93 (Substitution Upgrade) (i) (with EQΘ)
    $\phantom{\theta([\Omega]A_0)} = [\Omega_1]A_0$    By Lemma 39 (Principal Agreement) (i)
    $\phantom{\theta([\Omega]A_0)} = [\Omega_1][\Gamma, \blacktriangleright_P, \Theta]A_0$    By Lemma 29 (Substitution Monotonicity) (iii)
    $\theta([\Omega]\Gamma) = [\Omega_1](\Gamma, \blacktriangleright_P, \Theta)$    By Lemma 93 (Substitution Upgrade) (iii)
    $\theta([\Omega]e) = [\Omega_1]e$    By Lemma 93 (Substitution Upgrade) (iv)
    $[\Omega_1](\Gamma, \blacktriangleright_P, \Theta) \vdash [\Omega_1]e \Leftarrow [\Omega_1][\Gamma, \blacktriangleright_P, \Theta]A_0\ !$    By above equalities
    $\mathsf{dom}(\Gamma, \blacktriangleright_P, \Theta) = \mathsf{dom}(\Omega_1)$    From $\mathsf{dom}(\Gamma) = \mathsf{dom}(\Omega)$
    $\Gamma, \blacktriangleright_P, \Theta \vdash e \Leftarrow [\Gamma, \blacktriangleright_P, \Theta]A_0\ ! \dashv \Delta'$    By i.h.
    $\Delta' \longrightarrow \Omega_2$    ″
    $\Omega_1 \longrightarrow \Omega_2$    ″
    $\mathsf{dom}(\Delta') = \mathsf{dom}(\Omega_2)$    ″
    $\Delta' = (\Delta, \blacktriangleright_P, \Delta'')$    By Lemma 22 (Extension Inversion) (ii)
    $\Omega_2 = (\Omega', \blacktriangleright_P, \Omega_Z)$    By Lemma 22 (Extension Inversion) (ii)
    ☞ $\Delta \longrightarrow \Omega'$    ″
    $\Omega_0 \longrightarrow \Omega_2$    By Lemma 33 (Extension Transitivity)
    $\Omega, \blacktriangleright_P \longrightarrow \Omega', \blacktriangleright_P, \Omega_Z$    By above equalities
    ☞ $\Omega \longrightarrow \Omega'$    By Lemma 22 (Extension Inversion) (ii)
    ☞ $\mathsf{dom}(\Delta) = \mathsf{dom}(\Omega')$    ″
    $\Gamma, \blacktriangleright_P, \Theta \vdash e \Leftarrow [\Gamma, \blacktriangleright_P, \Theta]A_0\ ! \dashv \Delta, \blacktriangleright_P, \Delta''$    By above equality
    $\Gamma \vdash e \Leftarrow ([\Gamma]\sigma = [\Gamma]\tau) \supset [\Gamma]A_0\ ! \dashv \Delta$    By ⊃I
    ☞ $\Gamma \vdash e \Leftarrow [\Gamma](P \supset A_0)\ ! \dashv \Delta$    By def. of subst.

• Case Decl⊃Spine:
  $$\frac{[\Omega]\Gamma \vdash [\Omega]P\ \mathsf{true} \qquad [\Omega]\Gamma \vdash [\Omega](e\ s_0) : [\Omega]A_0\ p \gg B\ q}{[\Omega]\Gamma \vdash [\Omega](e\ s_0) : ([\Omega]P) \supset [\Omega]A_0\ p \gg B\ q}\ \text{Decl⊃Spine}$$

  $[\Omega]\Gamma \vdash [\Omega]P\ \mathsf{true}$    Subderivation
  $[\Omega]\Gamma \vdash [\Omega][\Gamma]P\ \mathsf{true}$    By Lemma 29 (Substitution Monotonicity) (ii)
  $\Gamma \vdash [\Gamma]P\ \mathsf{true} \dashv \Theta$    By Lemma 95 (Completeness of Checkprop)
  $\Theta \longrightarrow \Omega_1$    ″
  $\Omega \longrightarrow \Omega_1$    ″
  $\mathsf{dom}(\Theta) = \mathsf{dom}(\Omega_1)$    ″
  $\Gamma \longrightarrow \Omega$    Given
  $[\Omega]\Gamma = [\Omega_1]\Theta$    By Lemma 57 (Multiple Confluence)
  $[\Omega]A_0 = [\Omega_1]A_0$    By Lemma 55 (Completing Completeness) (ii)
  $[\Omega]\Gamma \vdash [\Omega](e\ s_0) : [\Omega]A_0\ p \gg B\ q$    Subderivation
  $[\Omega_1]\Theta \vdash [\Omega](e\ s_0) : [\Omega_1]A_0\ p \gg B\ q$    By above equalities
  $\Theta \vdash e\ s_0 : [\Theta]A_0\ p \gg B'\ q \dashv \Delta$    By i.h.
  ☞ $B' = [\Delta]B'$    ″
  ☞ $\mathsf{dom}(\Delta) = \mathsf{dom}(\Omega')$    ″
  ☞ $B = [\Omega']B'$    ″
  ☞ $\Delta \longrightarrow \Omega'$    ″
  $\Omega_1 \longrightarrow \Omega'$    ″
  ☞ $\Omega \longrightarrow \Omega'$    By Lemma 33 (Extension Transitivity)
  $[\Theta]A_0 = [\Theta][\Gamma]A_0$    By Lemma 29 (Substitution Monotonicity) (iii)
  $\Theta \vdash e\ s_0 : [\Theta][\Gamma]A_0\ p \gg B'\ q \dashv \Delta$    By above equality
  $\Gamma \vdash e\ s_0 : ([\Gamma]P) \supset [\Gamma]A_0\ p \gg B'\ q \dashv \Delta$    By ⊃Spine
  ☞ $\Gamma \vdash e\ s_0 : [\Gamma](P \supset A_0)\ p \gg B'\ q \dashv \Delta$    By def. of subst.


• Case Decl+I$_k$:
  $$\frac{[\Omega]\Gamma \vdash [\Omega]e_0 \Leftarrow A'_k\ p}{[\Omega]\Gamma \vdash \mathsf{inj}_k\ [\Omega]e_0 \Leftarrow A'_1 + A'_2\ p}\ \text{Decl+I}_k$$

  We have $[\Omega]A = A'_1 + A'_2$. Either $[\Gamma]A = A_1 + A_2$ (where $[\Omega]A_k = A'_k$), or $[\Gamma]A = \hat\alpha \in \mathsf{unsolved}(\Gamma)$.

  In the former case:
  $[\Omega]\Gamma \vdash [\Omega]e_0 \Leftarrow A'_k\ p$    Subderivation
  $[\Omega]\Gamma \vdash [\Omega]e_0 \Leftarrow [\Omega]A_k\ p$    $[\Omega]A_k = A'_k$
  $\Gamma \vdash e_0 \Leftarrow [\Gamma]A_k\ p \dashv \Delta$    By i.h.
  ☞ $\Delta \longrightarrow \Omega'$    ″
  ☞ $\mathsf{dom}(\Delta) = \mathsf{dom}(\Omega')$    ″
  ☞ $\Omega \longrightarrow \Omega'$    ″
  $\Gamma \vdash \mathsf{inj}_k\ e_0 \Leftarrow ([\Gamma]A_1) + ([\Gamma]A_2)\ p \dashv \Delta$    By +I$_k$
  ☞ $\Gamma \vdash \mathsf{inj}_k\ e_0 \Leftarrow [\Gamma](A_1 + A_2)\ p \dashv \Delta$    By def. of subst.

  In the latter case, $A = \hat\alpha$ and $[\Omega]A = [\Omega]\hat\alpha = A'_1 + A'_2 = \tau'_1 + \tau'_2$.
  By inversion on $\Gamma \vdash \hat\alpha\ p\ \mathsf{type}$, it must be the case that $p = \not!$.

  $\Gamma \longrightarrow \Omega$    Given
  $\Gamma = \Gamma_0[\hat\alpha : \star]$    $\hat\alpha \in \mathsf{unsolved}(\Gamma)$
  $\Omega = \Omega_0[\hat\alpha : \star = \tau_0]$    By Lemma 22 (Extension Inversion) (vi)
  Let $\Omega_2 = \Omega_0[\hat\alpha_1 : \star = \tau'_1, \hat\alpha_2 : \star = \tau'_2, \hat\alpha : \star = \hat\alpha_1 + \hat\alpha_2]$.
  Let $\Gamma_2 = \Gamma_0[\hat\alpha_1 : \star, \hat\alpha_2 : \star, \hat\alpha : \star = \hat\alpha_1 + \hat\alpha_2]$.
  $\Gamma \longrightarrow \Gamma_2$    By Lemma 23 (Deep Evar Introduction) (iii) twice and Lemma 26 (Parallel Admissibility) (ii)
  $\Omega \longrightarrow \Omega_2$    By Lemma 23 (Deep Evar Introduction) (iii) twice and Lemma 26 (Parallel Admissibility) (iii)
  $\Gamma_2 \longrightarrow \Omega_2$    By Lemma 26 (Parallel Admissibility) (ii), (ii), (iii)
  $[\Omega]\Gamma \vdash [\Omega]e_0 \Leftarrow [\Omega_2]\hat\alpha_k\ \not!$    Subd. and $A'_k = \tau'_k = [\Omega_2]\hat\alpha_k$
  $[\Omega]\Gamma = [\Omega_2]\Gamma_2$    By Lemma 57 (Multiple Confluence)
  $[\Omega_2]\Gamma_2 \vdash [\Omega]e_0 \Leftarrow [\Omega_2]\hat\alpha_k\ \not!$    By above equality
  $\Gamma_2 \vdash e_0 \Leftarrow [\Gamma_2]\hat\alpha_k\ \not! \dashv \Delta$    By i.h.
  ☞ $\Delta \longrightarrow \Omega'$    ″
  ☞ $\mathsf{dom}(\Delta) = \mathsf{dom}(\Omega')$    ″
  $\Omega_2 \longrightarrow \Omega'$    ″
  ☞ $\Omega \longrightarrow \Omega'$    By Lemma 33 (Extension Transitivity)
  $\Gamma \vdash \mathsf{inj}_k\ e_0 \Leftarrow \hat\alpha\ \not! \dashv \Delta$    By +I$\hat\alpha_k$
  ☞ $\Gamma \vdash \mathsf{inj}_k\ e_0 \Leftarrow [\Gamma]\hat\alpha\ \not! \dashv \Delta$    $\hat\alpha \in \mathsf{unsolved}(\Gamma)$

• Case Decl→I:
  $$\frac{[\Omega]\Gamma, x : A'_1\ p \vdash [\Omega]e_0 \Leftarrow A'_2\ p}{[\Omega]\Gamma \vdash \lambda x.\ [\Omega]e_0 \Leftarrow A'_1 \to A'_2\ p}\ \text{Decl→I}$$

  We have $[\Omega]A = A'_1 \to A'_2$. Either $[\Gamma]A = A_1 \to A_2$ where $A'_1 = [\Omega]A_1$ and $A'_2 = [\Omega]A_2$, or $[\Gamma]A = \hat\alpha$ and $[\Omega]\hat\alpha = A'_1 \to A'_2$.

  In the former case:
  $[\Omega]\Gamma, x : A'_1\ p \vdash [\Omega]e_0 \Leftarrow A'_2\ p$    Subderivation
  $A'_1 = [\Omega]A_1$    Known in this subcase
  $\phantom{A'_1} = [\Omega][\Gamma]A_1$    By Lemma 30 (Substitution Invariance)
  $[\Omega]A'_1 = [\Omega][\Omega][\Gamma]A_1$    Applying $\Omega$ on both sides
  $\phantom{[\Omega]A'_1} = [\Omega][\Gamma]A_1$    By idempotence of substitution
  $[\Omega]\Gamma, x : A'_1\ p = [\Omega, x : A'_1\ p](\Gamma, x : [\Gamma]A_1\ p)$    By definition of context application
  $[\Omega, x : A'_1\ p](\Gamma, x : [\Gamma]A_1\ p) \vdash [\Omega]e_0 \Leftarrow A'_2\ p$    By above equality
  $\Gamma \longrightarrow \Omega$    Given
  $\Gamma, x : [\Gamma]A_1\ p \longrightarrow \Omega, x : A'_1\ p$    By $\longrightarrow$Var
  $\mathsf{dom}(\Gamma) = \mathsf{dom}(\Omega)$    Given
  $\mathsf{dom}(\Gamma, x : [\Gamma]A_1\ p) = \mathsf{dom}(\Omega, x : A'_1\ p)$    By def. of $\mathsf{dom}(-)$
  $\Gamma, x : [\Gamma]A_1\ p \vdash e_0 \Leftarrow [\Gamma]A_2\ p \dashv \Delta'$    By i.h.
  $\Delta' \longrightarrow \Omega'_0$    ″
  $\mathsf{dom}(\Delta') = \mathsf{dom}(\Omega'_0)$    ″
  $\Omega, x : A'_1\ p \longrightarrow \Omega'_0$    ″
  $\Omega'_0 = (\Omega', x : A'_1\ p, \Omega_Z)$    By Lemma 22 (Extension Inversion) (v)
  ☞ $\Omega \longrightarrow \Omega'$    ″
  $\Gamma, x : [\Gamma]A_1\ p \longrightarrow \Delta'$    By Lemma 51 (Typing Extension)
  $\Delta' = (\Delta, x : \cdots, \Theta)$    By Lemma 22 (Extension Inversion) (v)
  $\Delta, x : \cdots, \Theta \longrightarrow \Omega', x : A'_1\ p, \Omega_Z$    By above equalities
  ☞ $\Delta \longrightarrow \Omega'$    By Lemma 22 (Extension Inversion) (v)
  ☞ $\mathsf{dom}(\Delta) = \mathsf{dom}(\Omega')$    ″
  $\Gamma, x : [\Gamma]A_1\ p \vdash e_0 \Leftarrow [\Gamma]A_2\ p \dashv \Delta, x : \cdots\ p, \Theta$    By above equality
  $\Gamma \vdash \lambda x.\ e_0 \Leftarrow ([\Gamma]A_1) \to ([\Gamma]A_2)\ p \dashv \Delta$    By →I
  ☞ $\Gamma \vdash \lambda x.\ e_0 \Leftarrow [\Gamma](A_1 \to A_2)\ p \dashv \Delta$    By definition of substitution

  In the latter case ($[\Gamma]A = \hat\alpha \in \mathsf{unsolved}(\Gamma)$ and $[\Omega]\hat\alpha = A'_1 \to A'_2 = \tau'_1 \to \tau'_2$):
  By inversion on $\Gamma \vdash \hat\alpha\ p\ \mathsf{type}$, it must be the case that $p = \not!$.
  Since $\hat\alpha \in \mathsf{unsolved}(\Gamma)$, the context $\Gamma$ must have the form $\Gamma_0[\hat\alpha : \star]$.
  Let $\Gamma_2 = \Gamma_0[\hat\alpha_1 : \star, \hat\alpha_2 : \star, \hat\alpha : \star = \hat\alpha_1 \to \hat\alpha_2]$.

  $[\Omega]\hat\alpha = \tau'_1 \to \tau'_2$    Known in this subcase
  $\Gamma \longrightarrow \Omega$    Given
  $\Omega = \Omega_0[\hat\alpha : \star = \tau_0]$    By Lemma 22 (Extension Inversion) (vi)
  Let $\Omega_2 = \Omega_0[\hat\alpha_1 : \star = \tau'_1, \hat\alpha_2 : \star = \tau'_2, \hat\alpha : \star = \hat\alpha_1 \to \hat\alpha_2]$.
  $\Gamma \longrightarrow \Gamma_2$    By Lemma 23 (Deep Evar Introduction) (iii) twice and Lemma 26 (Parallel Admissibility) (ii)
  $\Omega \longrightarrow \Omega_2$    By Lemma 23 (Deep Evar Introduction) (iii) twice and Lemma 26 (Parallel Admissibility) (iii)
  $\Gamma_2 \longrightarrow \Omega_2$    By Lemma 26 (Parallel Admissibility) (ii), (ii), (iii)
  $[\Omega]\Gamma, x : \tau'_1\ \not! \vdash [\Omega]e_0 \Leftarrow \tau'_2\ \not!$    Subderivation
  $[\Omega]\Gamma = [\Omega_2]\Gamma_2$    By Lemma 57 (Multiple Confluence)
  $\tau'_2 = [\Omega_2]\hat\alpha_2$    From the definition of $\Omega_2$ and Lemma 55 (Completing Completeness) (i)
  $\tau'_1 = [\Omega_2]\hat\alpha_1$    Similar
  $[\Omega_2]\Gamma_2, x : \tau'_1\ \not! = [\Omega_2, x : \tau'_1\ \not!](\Gamma_2, x : \hat\alpha_1\ \not!)$    By def. of context application
  $[\Omega_2, x : \tau'_1\ \not!](\Gamma_2, x : \hat\alpha_1\ \not!) \vdash [\Omega]e_0 \Leftarrow [\Omega_2]\hat\alpha_2\ \not!$    By above equalities
  $\mathsf{dom}(\Gamma) = \mathsf{dom}(\Omega)$    Given
  $\mathsf{dom}(\Gamma_2, x : \hat\alpha_1\ \not!) = \mathsf{dom}(\Omega_2, x : \tau'_1\ \not!)$    By def. of $\Gamma_2$ and $\Omega_2$
  $\Gamma_2, x : \hat\alpha_1\ \not! \vdash e_0 \Leftarrow [\Gamma_2, x : \hat\alpha_1\ \not!]\hat\alpha_2\ \not! \dashv \Delta^+$    By i.h.
  $\Delta^+ \longrightarrow \Omega^+$    ″
  $\mathsf{dom}(\Delta^+) = \mathsf{dom}(\Omega^+)$    ″
  $\Omega_2 \longrightarrow \Omega^+$    ″
  $\Gamma_2, x : \hat\alpha_1\ \not! \longrightarrow \Delta^+$    By Lemma 51 (Typing Extension)
  $\Delta^+ = (\Delta, x : \hat\alpha_1\ \not!, \Delta_Z)$    By Lemma 22 (Extension Inversion) (v)
  $\Omega^+ = (\Omega', x : \cdots, \Omega_Z)$    By Lemma 22 (Extension Inversion) (v)
  ☞ $\Delta \longrightarrow \Omega'$    ″
  ☞ $\mathsf{dom}(\Delta) = \mathsf{dom}(\Omega')$    ″
  $\Omega \longrightarrow \Omega_2$    Above
  $\Omega \longrightarrow \Omega^+$    By Lemma 33 (Extension Transitivity)
  ☞ $\Omega \longrightarrow \Omega'$    By Lemma 22 (Extension Inversion) (v)
  $\Gamma \vdash \lambda x.\ e_0 \Leftarrow \hat\alpha\ \not! \dashv \Delta$    By →I$\hat\alpha$
  $\hat\alpha = [\Gamma]\hat\alpha$    $\hat\alpha \in \mathsf{unsolved}(\Gamma)$
  ☞ $\Gamma \vdash \lambda x.\ e_0 \Leftarrow [\Gamma]\hat\alpha\ \not! \dashv \Delta$    By above equality

• Case DeclRec:
  $$\frac{[\Omega]\Gamma, x : [\Omega]A\ p \vdash [\Omega]v \Leftarrow [\Omega]A\ p}{[\Omega]\Gamma \vdash \mathsf{rec}\ x.\ [\Omega]v \Leftarrow [\Omega]A\ p}\ \text{DeclRec}$$

  $[\Omega]\Gamma, x : [\Omega]A\ p \vdash [\Omega]v \Leftarrow [\Omega]A\ p$    Subderivation
  $[\Omega]\Gamma, x : [\Omega]A\ p = [\Omega, x : [\Omega]A\ p](\Gamma, x : [\Gamma]A\ p)$    By definition of context application
  $[\Omega, x : [\Omega]A\ p](\Gamma, x : [\Gamma]A\ p) \vdash [\Omega]v \Leftarrow [\Omega]A\ p$    By above equality
  $\Gamma \longrightarrow \Omega$    Given
  $\Gamma, x : [\Gamma]A\ p \longrightarrow \Omega, x : [\Omega]A\ p$    By $\longrightarrow$Var
  $\mathsf{dom}(\Gamma) = \mathsf{dom}(\Omega)$    Given
  $\mathsf{dom}(\Gamma, x : [\Gamma]A\ p) = \mathsf{dom}(\Omega, x : [\Omega]A\ p)$    By def. of $\mathsf{dom}(-)$
  $\Gamma, x : [\Gamma]A\ p \vdash v \Leftarrow [\Gamma]A\ p \dashv \Delta'$    By i.h.
  $\Delta' \longrightarrow \Omega'_0$    ″
  $\mathsf{dom}(\Delta') = \mathsf{dom}(\Omega'_0)$    ″
  $\Omega, x : [\Omega]A\ p \longrightarrow \Omega'_0$    ″
  $\Omega'_0 = (\Omega', x : [\Omega]A\ p, \Omega_Z)$    By Lemma 22 (Extension Inversion) (v)
  ☞ $\Omega \longrightarrow \Omega'$    ″
  $\Gamma, x : [\Gamma]A\ p \longrightarrow \Delta'$    By Lemma 51 (Typing Extension)
  $\Delta' = (\Delta, x : \cdots, \Theta)$    By Lemma 22 (Extension Inversion) (v)
  $\Delta, x : \cdots, \Theta \longrightarrow \Omega', x : [\Omega]A\ p, \Omega_Z$    By above equalities
  ☞ $\Delta \longrightarrow \Omega'$    By Lemma 22 (Extension Inversion) (v)
  ☞ $\mathsf{dom}(\Delta) = \mathsf{dom}(\Omega')$    ″
  $\Gamma, x : [\Gamma]A\ p \vdash v \Leftarrow [\Gamma]A\ p \dashv \Delta, x : [\Gamma]A\ p, \Theta$    By above equality
  ☞ $\Gamma \vdash \mathsf{rec}\ x.\ v \Leftarrow [\Gamma]A\ p \dashv \Delta$    By Rec


• Case Decl→E:
  $$\frac{[\Omega]\Gamma \vdash [\Omega]e_0 \Rightarrow A\ q \qquad [\Omega]\Gamma \vdash [\Omega]s_0 : A\ q \gg C\ [p]}{[\Omega]\Gamma \vdash [\Omega](e_0\ s_0) \Rightarrow C\ p}\ \text{Decl→E}$$

  $[\Omega]\Gamma \vdash [\Omega]e_0 \Rightarrow A\ q$    Subderivation
  $\Gamma \vdash e_0 \Rightarrow A'\ q \dashv \Theta$    By i.h.
  $\Theta \longrightarrow \Omega_\Theta$    ″
  $\mathsf{dom}(\Theta) = \mathsf{dom}(\Omega_\Theta)$    ″
  $\Omega \longrightarrow \Omega_\Theta$    ″
  $A = [\Omega_\Theta]A'$    ″
  $A' = [\Theta]A'$    ″
  $\Gamma \longrightarrow \Omega$    Given
  $[\Omega]\Gamma = [\Omega_\Theta]\Theta$    By Lemma 57 (Multiple Confluence)
  $[\Omega]\Gamma \vdash [\Omega]s_0 : A\ q \gg C\ [p]$    Subderivation
  $[\Omega_\Theta]\Theta \vdash [\Omega]s_0 : [\Omega_\Theta]A'\ q \gg C\ [p]$    By above equalities
  $\Theta \vdash s_0 : [\Theta]A'\ q \gg C'\ [p] \dashv \Delta$    By i.h.
  ☞ $C' = [\Delta]C'$    ″
  ☞ $\Delta \longrightarrow \Omega'$    ″
  ☞ $\mathsf{dom}(\Delta) = \mathsf{dom}(\Omega')$    ″
  $\Omega_\Theta \longrightarrow \Omega'$    ″
  ☞ $C = [\Omega']C'$    ″
  $\Theta \vdash s_0 : A'\ q \gg C'\ [p] \dashv \Delta$    By above equality
  ☞ $\Omega \longrightarrow \Omega'$    By Lemma 33 (Extension Transitivity)
  ☞ $\Gamma \vdash e_0\ s_0 \Rightarrow C'\ p \dashv \Delta$    By →E


Proof of Theorem 11 (Completeness of Algorithmic Typing), continued.


• Case DeclSpineRecover:
  $$\frac{[\Omega]\Gamma \vdash [\Omega]s : [\Omega]A\ ! \gg C\ \not! \qquad \text{for all } C_2.\ \text{if } [\Omega]\Gamma \vdash [\Omega]s : [\Omega]A\ ! \gg C_2\ \not! \text{ then } C_2 = C}{[\Omega]\Gamma \vdash [\Omega]s : [\Omega]A\ ! \gg C\ [!]}\ \text{DeclSpineRecover}$$

  $\Gamma \longrightarrow \Omega$    Given
  $[\Omega]\Gamma \vdash [\Omega]s : [\Omega]A\ ! \gg C\ \not!$    Subderivation
  $\Gamma \vdash s : [\Gamma]A\ ! \gg C'\ \not! \dashv \Delta$    By i.h.
  ☞ $\Delta \longrightarrow \Omega'$    ″
  ☞ $\Omega \longrightarrow \Omega'$    ″
  ☞ $\mathsf{dom}(\Delta) = \mathsf{dom}(\Omega')$    ″
  ☞ $C = [\Omega']C'$    ″
  ☞ $C' = [\Delta]C'$    ″

  Suppose, for a contradiction, that $\mathsf{FEV}([\Delta]C') \neq \emptyset$.
  That is, there exists some $\hat\alpha \in \mathsf{FEV}([\Delta]C')$.

  $\Delta \longrightarrow \Omega_2$    By Lemma 60 (Split Solutions)
  $\Omega' = \Omega_1[\hat\alpha : \kappa = t_1]$    ″
  $\Omega_2 = \Omega_1[\hat\alpha : \kappa = t_2]$    ″
  $t_2 \neq t_1$    ″
  (NEQ) $[\Omega_2]\hat\alpha \neq [\Omega']\hat\alpha$    By def. of subst. ($t_2 \neq t_1$)
  (EQ) $[\Omega_2]\hat\beta = [\Omega']\hat\beta$ for all $\hat\beta \neq \hat\alpha$    By construction of $\Omega_2$ and $\Omega_2$ canonical

  Choose $\hat\alpha_R$ such that $\hat\alpha_R \in \mathsf{FEV}(C')$ and either $\hat\alpha_R = \hat\alpha$ or $\hat\alpha \in \mathsf{FEV}([\Delta]\hat\alpha_R)$.
  Then either $\hat\alpha_R = \hat\alpha$, or $\hat\alpha_R$ is declared to the right of $\hat\alpha$ in $\Delta$.

  $[\Omega_2]C' \neq [\Omega']C'$    From (NEQ) and (EQ)
  $\Gamma \vdash s : [\Gamma]A\ ! \gg C'\ \not! \dashv \Delta$    Above
  $[\Omega_2]\Gamma \vdash [\Omega_2]s : [\Omega_2][\Gamma]A\ ! \gg [\Omega_2]C'\ \not!$    By Theorem 8 (Soundness of Algorithmic Typing)
  $\Gamma \vdash s : [\Gamma]A\ ! \gg C'\ \not! \dashv \Delta$    Above
  $\Gamma \vdash A\ !\ \mathsf{type}$    Given
  $\Gamma \vdash [\Gamma]A\ !\ \mathsf{type}$    By Lemma 13 (Right-Hand Substitution for Typing)
  $\mathsf{FEV}([\Gamma]A) = \emptyset$    By inversion
  $\mathsf{FEV}([\Gamma]A) \subseteq \mathsf{dom}(\cdot)$    Property of $\subseteq$
  $\Delta = (\Delta_L \ast \Delta_R)$    By Lemma 72 (Separation—Main) (Spines)
  $(\Gamma \ast \cdot) \longrightarrow (\Delta_L \ast \Delta_R)$    ″
  $\mathsf{FEV}(C') \subseteq \mathsf{dom}(\Delta_R)$    ″
  $\hat\alpha_R \in \mathsf{FEV}(C')$    Above
  $\hat\alpha_R \in \mathsf{dom}(\Delta_R)$    Property of $\subseteq$
  $\mathsf{dom}(\Delta_L) \cap \mathsf{dom}(\Delta_R) = \emptyset$    $\Delta$ well-formed
  $\hat\alpha_R \notin \mathsf{dom}(\Delta_L)$    From the preceding two lines
  $\mathsf{dom}(\Gamma) \subseteq \mathsf{dom}(\Delta_L)$    By Definition 5
  $\hat\alpha_R \notin \mathsf{dom}(\Gamma)$    From the preceding two lines

  $[\Omega_2]\Gamma \vdash [\Omega_2]s : [\Omega_2][\Gamma]A\ ! \gg [\Omega_2]C'\ \not!$    Above
  $\Omega_2$ and $\Omega'$ differ only at $\hat\alpha$    Above
  $\mathsf{FEV}([\Gamma]A) = \emptyset$    Above
  $[\Omega_2][\Gamma]A = [\Omega'][\Gamma]A$    By preceding two lines
  $\Gamma \vdash [\Gamma]A\ \mathsf{type}$    Above
  $\Gamma \longrightarrow \Omega_2$    By Lemma 33 (Extension Transitivity)
  $\Omega_2 \vdash [\Gamma]A\ \mathsf{type}$    By Lemma 38 (Extension Weakening (Types))
  $\mathsf{dom}(\Omega_2) = \mathsf{dom}(\Omega')$    $\Omega'$ and $\Omega_2$ differ only at $\hat\alpha$
  $\Omega' \vdash [\Gamma]A\ \mathsf{type}$    By Lemma 18 (Equal Domains)
  $\Gamma \vdash [\Gamma]A\ \mathsf{type}$    Above
  $\Omega \vdash [\Gamma]A\ \mathsf{type}$    By Lemma 38 (Extension Weakening (Types))
  $[\Omega'][\Gamma]A = [\Omega][\Gamma]A$    By Lemma 55 (Completing Completeness) (ii)
  $\phantom{[\Omega'][\Gamma]A} = [\Omega]A$    By Lemma 29 (Substitution Monotonicity) (iii)
  $[\Omega]\Gamma = [\Omega']\Gamma$    By Lemma 57 (Multiple Confluence)
  $\phantom{[\Omega]\Gamma} = [\Omega_2]\Gamma$    $\Omega'$ and $\Omega_2$ differ only at $\hat\alpha$, and $\hat\alpha \notin \mathsf{dom}(\Gamma)$
  $[\Omega_2]s = [\Omega]s$    $\Omega_2$ and $\Omega'$ differ only at $\hat\alpha \notin \mathsf{dom}(\Gamma)$, and $\Omega \longrightarrow \Omega'$
  $[\Omega]\Gamma \vdash [\Omega]s : [\Omega]A\ ! \gg [\Omega_2]C'\ \not!$    By above equalities
  $C = [\Omega']C'$    Above
  $[\Omega']C' \neq [\Omega_2]C'$    Above
  $C \neq [\Omega_2]C'$    By above equality
  $C = [\Omega_2]C'$    Instantiating “for all $C_2$” with $C_2 = [\Omega_2]C'$
  $\Rightarrow\Leftarrow$    By contradiction
  $\mathsf{FEV}([\Delta]C') = \emptyset$    By contradiction
  ☞ $\Gamma \vdash s : [\Gamma]A\ ! \gg C'\ [!] \dashv \Delta$    By SpineRecover


• Case DeclSpinePass:
  $$\frac{[\Omega]\Gamma \vdash [\Omega]s : [\Omega]A\ p \gg C\ q}{[\Omega]\Gamma \vdash [\Omega]s : [\Omega]A\ p \gg C\ [q]}\ \text{DeclSpinePass}$$

  $[\Omega]\Gamma \vdash [\Omega]s : [\Omega]A\ p \gg C\ q$    Subderivation
  $\Gamma \vdash s : [\Gamma]A\ p \gg C'\ q \dashv \Delta$    By i.h.
  ☞ $\Delta \longrightarrow \Omega'$    ″
  ☞ $\mathsf{dom}(\Delta) = \mathsf{dom}(\Omega')$    ″
  ☞ $\Omega \longrightarrow \Omega'$    ″
  ☞ $C' = [\Delta]C'$    ″
  ☞ $C = [\Omega']C'$    ″

  We distinguish cases as follows:

  – If $p = \not!$ or $q = !$, then we can just apply SpinePass:
    ☞ $\Gamma \vdash s : [\Gamma]A\ p \gg C'\ [q] \dashv \Delta$    By SpinePass

  – Otherwise, $p = !$ and $q = \not!$. If $\mathsf{FEV}([\Delta]C') \neq \emptyset$, we can apply SpinePass as above. If $\mathsf{FEV}([\Delta]C') = \emptyset$, then we instead apply SpineRecover:
    ☞ $\Gamma \vdash s : [\Gamma]A\ p \gg C'\ [!] \dashv \Delta$    By SpineRecover
    Here, $q' = !$ and $q = \not!$, so $q' \sqsubseteq q$.
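As an added worked example of the SpineRecover/SpinePass split (the example is mine, not from the original proof; the context, the spine and the types are assumptions chosen for the illustration), take $\Gamma = x : (\forall\alpha : \star.\ \alpha \to \alpha)\ !$, which contains no existential variables, so $\Omega = \Gamma$ and $[\Gamma]A = A$ throughout, and the one-element spine $s = ()$ applied at type $\forall\alpha : \star.\ \alpha \to \alpha\ !$. Writing $\Theta = \Gamma, \hat\alpha : \star = 1$, the algorithmic spine derivation is:
$$\Gamma, \hat\alpha : \star \vdash () \Leftarrow \hat\alpha\ \not! \dashv \Theta \quad\text{By 1I}\hat\alpha$$
$$\Theta \vdash \cdot : [\Theta]\hat\alpha\ \not! \gg 1\ \not! \dashv \Theta \quad\text{By EmptySpine, since } [\Theta]\hat\alpha = 1$$
$$\Gamma, \hat\alpha : \star \vdash () : \hat\alpha \to \hat\alpha\ \not! \gg 1\ \not! \dashv \Theta \quad\text{By →Spine}$$
$$\Gamma \vdash () : \forall\alpha : \star.\ \alpha \to \alpha\ ! \gg 1\ \not! \dashv \Theta \quad\text{By ∀Spine}$$
Here $p = !$ and $q = \not!$, which is the second branch of the case split. Since $\mathsf{FEV}([\Theta]1) = \emptyset$, SpineRecover applies:
$$\Gamma \vdash () : \forall\alpha : \star.\ \alpha \to \alpha\ ! \gg 1\ [!] \dashv \Theta$$
On the declarative side, Decl∀Spine with $\tau = 1$, Decl→Spine and DeclEmptySpine give $[\Omega]\Gamma \vdash () : \forall\alpha : \star.\ \alpha \to \alpha\ ! \gg 1\ \not!$, and $1$ is the only $C_2$ for which $() \Leftarrow C_2$ is derivable, so DeclSpineRecover yields $\gg 1\ [!]$. This matches part (iv) of the theorem with $C' = 1 = [\Theta]C'$, $C = 1 = [\Omega']C'$ for $\Omega' = \Theta$, and $q' = ! \sqsubseteq q = !$.

For contrast, if the argument were $\lambda y.\ y$ instead of $()$, checking it against $\hat\alpha$ would go through →I$\hat\alpha$ (as in the Decl→I case above), splitting $\hat\alpha$ into $\hat\alpha_1 \to \hat\alpha_2$, and the resulting $[\Delta]C'$ would still mention an unsolved existential variable. Then $\mathsf{FEV}([\Delta]C') \neq \emptyset$ and SpinePass is used with $q = \not!$; correspondingly, on the declarative side several distinct $C_2$ are derivable (for instance $1 \to 1$ and $(1 \times 1) \to (1 \times 1)$), so the uniqueness premise of DeclSpineRecover fails and only DeclSpinePass applies. The algorithm's decision to recover principality is therefore exactly the decidable proxy, $\mathsf{FEV}([\Delta]C') = \emptyset$, for the declarative “for all $C_2$” premise, which is what the contradiction argument in the DeclSpineRecover case establishes.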


• Case DeclEmptySpine:
  $$\frac{}{[\Omega]\Gamma \vdash \cdot : [\Omega]A\ p \gg [\Omega]A\ p}\ \text{DeclEmptySpine}$$

  ☞ $\Gamma \vdash \cdot : [\Gamma]A\ p \gg [\Gamma]A\ p \dashv \Gamma$    By EmptySpine
  ☞ $[\Gamma]A = [\Gamma][\Gamma]A$    By idempotence of substitution
  ☞ $\Gamma \longrightarrow \Omega$    Given
  ☞ $\mathsf{dom}(\Gamma) = \mathsf{dom}(\Omega)$    Given
  ☞ $[\Omega][\Gamma]A = [\Omega]A$    By Lemma 29 (Substitution Monotonicity) (iii)
  ☞ $\Omega \longrightarrow \Omega$    By Lemma 32 (Extension Reflexivity)


• Case Decl→Spine:
  $$\frac{[\Omega]\Gamma \vdash [\Omega]e_0 \Leftarrow [\Omega]A_1\ q \qquad [\Omega]\Gamma \vdash [\Omega]s_0 : [\Omega]A_2\ q \gg B\ p}{[\Omega]\Gamma \vdash [\Omega](e_0\ s_0) : ([\Omega]A_1) \to ([\Omega]A_2)\ q \gg B\ p}\ \text{Decl→Spine}$$

  $[\Omega]\Gamma \vdash [\Omega]e_0 \Leftarrow [\Omega]A_1\ q$    Subderivation
  $\Gamma \vdash e_0 \Leftarrow [\Gamma]A_1\ q \dashv \Theta$    By i.h.
  $\Theta \longrightarrow \Omega_0$    ″
  $\Omega \longrightarrow \Omega_0$    ″
  $\mathsf{dom}(\Theta) = \mathsf{dom}(\Omega_0)$    ″
  $[\Omega]\Gamma \vdash [\Omega]s_0 : [\Omega]A_2\ q \gg B\ p$    Subderivation
  $[\Omega_0]\Theta \vdash [\Omega]s_0 : [\Omega_0]A_2\ q \gg B\ p$    By Lemma 57 (Multiple Confluence) and Lemma 55 (Completing Completeness) (ii), as in the Decl⊃Spine case
  $\Theta \vdash s_0 : [\Theta]A_2\ q \gg B'\ p \dashv \Delta$    By i.h.
  ☞ $\Delta \longrightarrow \Omega'$    ″
  ☞ $\mathsf{dom}(\Delta) = \mathsf{dom}(\Omega')$    ″
  $\Omega_0 \longrightarrow \Omega'$    ″
  ☞ $B' = [\Delta]B'$    ″
  ☞ $B = [\Omega']B'$    ″
  ☞ $\Omega \longrightarrow \Omega'$    By Lemma 33 (Extension Transitivity)
  $\Gamma \vdash e_0\ s_0 : ([\Gamma]A_1) \to ([\Gamma]A_2)\ q \gg B'\ p \dashv \Delta$    By →Spine
  ☞ $\Gamma \vdash e_0\ s_0 : [\Gamma](A_1 \to A_2)\ q \gg B'\ p \dashv \Delta$    By def. of subst.
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* Case [Q]r h [Cl] P true [Q]r h [Q]e A [Q]A 0 p 
[Q]r h [Q]e 4= ([Q]Ao) A [Cl]? p 

If e not a case, then: 


[Ojr h [0]P true 

Subderivation 

F h P true H 0 

By Lemma [95] ([Completeness of CheckpropP 

0 — >a' 

// 

a — > ci' 0 

n 

r — > a 

Given 

r— *ci' 0 

By Lemma [33] ([Extension TransitivityP 

[Q]r= [Q]n 

By Lemma [54] ([Completing StabilityP 

= lam 

By Lemma [55] ([Completing CompletenessP (iii) 

= [a']0 

By Lemma [56] ([Confluence of CompletenessP 

T h Ao A P p type 

Given 

r 1- Ao p type 

By inversion 

[Q]A 0 = [a']A 0 

By Lemma [55] ([Completing CompletenessP (ii) 

LQ]r b [Q]e A [Q]A 0 p 

Subderivation 

[a']0h [ci]e a [a']A 0 p 

By above equalities 

0 b e A [0]Ao p H A 

By i.h. 

A — ■> Cl' 

n 

dom(A) = dom(a') 

n 

a'o-^a' 

n 

Cl — > Cl' 

By Lemma [33] ([Extension Transitivity 1 

F b e A Aq A P p H A 

ByED 


Otherwise, we have e = case(eo> TT). Let n be the height of the given derivation. 


n 

n 

n 

n 

n 

n 

n 


- 1 

[n]F b [O](case(e 0 ,TT)) A [0]A O p 

Subderivation 

-2 

[0]r b [n]e 0 a B ! 

By Lemma [62] (|Case Invertibilityp 

-2 

[Q]r b [am :: B 4= [a]A 0 p 

// 

-2 

[a] F I- [am covers B 

n 

- 1 

[a]r b [a]p true 

Subderivation 

-1 

[air b [am :: b 4= (ta]A 0 ) a ([a]p] P 

By Lemma I6T1 ([Interpolating With and Exists 1(1) 

-1 

[ain- [a]n - b 4 = [o](a 0 ap)p 

By def. of subst. 


Theo^B'! H0 By i.h. 

0 ^ 0 ' 
a — > O' 
b = [a']B' 

= [CIq] [0] B ' By Lemma [30] dSubstitution Invariancel) 


[Q]T = [O']0 By Lemma l57l ( [Multiple Confluence ! 

[0] (Ao A P) = [0g] ( Ao A P) By Lemma 1551 ( [Completing CompletenessP (ii) 

n— 1 [Q']0 h [0]n :: LQ'][0]B' 4 = [a'](A 0 A P) p By above equalities 

0 b n :: [0]B' A A 0 A P p H A By i.h. 

«■ A — > Cl' " 

dom(A) = domia') " 

ci ' — > a' " 

0 h TT covers [0]B ' By Theorem 1 101 ( [Completeness of Match Coverage ) 

0 — > Cl' By Lemma l33l ( [Extension Transitivity] ) 

•s- P h case(eo, TT) Aq A P p HA Bv ICasel 


• Case lDecINill Similar to the first part of the [DedAl] case. 
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• Case 


[Cl ] r I- [Q] ei 4= [Cl] Ao p 

[D]r b ([Q]t) = succ(t 2 ) true [Q]T b [Cl]e 2 4= (Vec t 2 [O]A 0 ) / 

rr^ir l_ \ .. \ j— ( rnu^ mi a \ ^ 


[Q]rh ([n]ei) :: ([Q]e 2 

Let D + = (D, ►&, a : N = t 2 ). 


(Vec ([Q]t) [O] A 0 ) p 


IDecICorisl 


[n]r b ([d]t) = succ(t 2 ) true 
[0 + ](F, ► &, & : N) b ([d]t) = [0 + ]succ(&) true 
P, ►&, & : N b t = succ(&) true H f' 


Subderivation 

Defs. of extension and subst. 

By Lemma [95] ([Completeness of CheckpropP 


fP 




n ' 0 


P, ►&, a : N 
T, ►&, a : N 

[n]r= [n]o 
= [n+]n+ 

= [ci' 0 ]ci' 0 

= [n']r 

[n]A 0 = [O+]A 0 
= [O']A 0 

[C1]V b [Q]e, 4= [Cl] Ao p 
[n'r b [Q]e, 4= [a']A 0 p 
r' b ei 4= [r']A 0 p H 0 

0 


By Lemma [47] ( |Checkprop Extension ) 

By Lemma l33l ( [Extension TransitivityP 
By Lemma [54l ( [Completing Stability^ 

By def. of context application 

By Lemma l55l ( [Completing Completeness) ) (iii) 

By Lemma l56l ( [Confluence of Completeness] ) 

By def. of context application 

By Lemma 15 5 1 ( [Completing Completeness] ) (ii) 

Subderivation 
By above equalities 
By i.h. 


n o 


O" 

12 o 

O" 

12 o 


(Vec t 2 [Q]A 0 ) / 

(Vec ([£!+]&) [Q]A 0 )/ 
(Vec ([£!''] ft) [a"]A 0 ) / 


[Cl]r b [Cl]e 2 
[0]r b [Cl]e 2 
[O"]0 b [Cl]e 2 
[O"]0 b [Cl]e 2 4= [n^(Vec a Ao) / 
3 0 b e 2 b [0]Ao p H A, ►&, A' 

A, ►a, A' — » Cl" 
dom(A, ►a, A') = dom(0") 

Cl" — > Cl" 

£>"= (!!,►&, ...) 

«■ A — > Cl' 

•s- dom(A) = dorr^d') 

(F', ►&,...) — > Cl' 
m- Cl — > Cl' 


Subderivation 
By def. of substitution 
By lemmas 
By def. of subst. 

By i.h. 


By Lemma [22] (Extension Inversion!) (ii) 


By Lemma [33] ( [Extension TransitivityP 
By Lemma [22] (Extension Inversion!) (ii) 


F b ei :: e 2 4= (Vec t Ao) p HA Bv IConsI 


• Case Decl×I:
  $$\frac{[\Omega]\Gamma \vdash [\Omega]e_1 \Leftarrow A'_1\ p \qquad [\Omega]\Gamma \vdash [\Omega]e_2 \Leftarrow A'_2\ p}{[\Omega]\Gamma \vdash \langle [\Omega]e_1, [\Omega]e_2 \rangle \Leftarrow A'_1 \times A'_2\ p}\ \text{Decl×I}$$

  Either $[\Gamma]A = A_1 \times A_2$ or $[\Gamma]A = \hat\alpha \in \mathsf{unsolved}(\Gamma)$.

  – In the first case ($[\Gamma]A = A_1 \times A_2$), we have $A'_1 = [\Omega]A_1$ and $A'_2 = [\Omega]A_2$.

    $[\Omega]\Gamma \vdash [\Omega]e_1 \Leftarrow A'_1\ p$    Subderivation
    $[\Omega]\Gamma \vdash [\Omega]e_1 \Leftarrow [\Omega]A_1\ p$    $[\Omega]A_1 = A'_1$
    $\Gamma \vdash e_1 \Leftarrow [\Gamma]A_1\ p \dashv \Theta$    By i.h.
    $\Theta \longrightarrow \Omega_0$    ″
    $\mathsf{dom}(\Theta) = \mathsf{dom}(\Omega_0)$    ″
    $\Omega \longrightarrow \Omega_0$    ″
    $[\Omega]\Gamma \vdash [\Omega]e_2 \Leftarrow A'_2\ p$    Subderivation
    $[\Omega]\Gamma \vdash [\Omega]e_2 \Leftarrow [\Omega]A_2\ p$    $[\Omega]A_2 = A'_2$
    $\Gamma \longrightarrow \Theta$    By Lemma 51 (Typing Extension)
    $[\Omega]\Gamma = [\Omega_0]\Theta$    By Lemma 57 (Multiple Confluence)
    $[\Omega]A_2 = [\Omega_0]A_2$    By Lemma 55 (Completing Completeness) (ii)
    $[\Omega_0]\Theta \vdash [\Omega]e_2 \Leftarrow [\Omega_0]A_2\ p$    By above equalities
    $\Theta \vdash e_2 \Leftarrow [\Theta]A_2\ p \dashv \Delta$    By i.h.
    ☞ $\Delta \longrightarrow \Omega'$    ″
    ☞ $\mathsf{dom}(\Delta) = \mathsf{dom}(\Omega')$    ″
    $\Omega_0 \longrightarrow \Omega'$    ″
    ☞ $\Omega \longrightarrow \Omega'$    By Lemma 33 (Extension Transitivity)
    $\Gamma \vdash \langle e_1, e_2 \rangle \Leftarrow ([\Gamma]A_1) \times ([\Gamma]A_2)\ p \dashv \Delta$    By ×I
    ☞ $\Gamma \vdash \langle e_1, e_2 \rangle \Leftarrow [\Gamma](A_1 \times A_2)\ p \dashv \Delta$    By def. of subst.

  – In the second case, where $[\Gamma]A = \hat\alpha$, combine the corresponding subcase for Decl+I$_k$ with some straightforward additional reasoning about contexts (because here we have two subderivations, rather than one).

• Case DeclCase:
  $$\frac{[\Omega]\Gamma \vdash [\Omega]e_0 \Rightarrow C\ ! \qquad [\Omega]\Gamma \vdash [\Omega]\Pi :: C \Leftarrow [\Omega]A\ p \qquad [\Omega]\Gamma \vdash [\Omega]\Pi\ \mathsf{covers}\ C}{[\Omega]\Gamma \vdash \mathsf{case}([\Omega]e_0, [\Omega]\Pi) \Leftarrow [\Omega]A\ p}\ \text{DeclCase}$$

  $[\Omega]\Gamma \vdash [\Omega]e_0 \Rightarrow C\ !$    Subderivation
  $\Gamma \vdash e_0 \Rightarrow C'\ ! \dashv \Theta$    By i.h.
  $\Theta \longrightarrow \Omega_\Theta$    ″
  $\mathsf{dom}(\Theta) = \mathsf{dom}(\Omega_\Theta)$    ″
  $\Omega \longrightarrow \Omega_\Theta$    ″
  $C = [\Omega_\Theta]C'$    ″
  $\Theta \vdash C'\ !\ \mathsf{type}$    By Lemma 63 (Well-Formed Outputs of Typing)
  $\mathsf{FEV}(C') = \emptyset$    By inversion
  $[\Omega_\Theta]C' = C'$    By a property of substitution
  $\Gamma \longrightarrow \Omega$    Given
  $\Omega \longrightarrow \Omega_\Theta$    Above
  $\Gamma \longrightarrow \Omega_\Theta$    By Lemma 33 (Extension Transitivity)
  $[\Omega]\Gamma = [\Omega_\Theta]\Gamma$    By Lemma 56 (Confluence of Completeness)
  $\Gamma \longrightarrow \Theta$    By Lemma 51 (Typing Extension)
  $[\Omega]\Gamma = [\Omega_\Theta]\Theta$    By Lemma 57 (Multiple Confluence)
  $\Gamma \vdash A\ p\ \mathsf{type}$    Given + inversion
  $\Omega \vdash A\ \mathsf{type}$    By Lemma 38 (Extension Weakening (Types))
  $[\Omega]A = [\Omega_\Theta]A$    By Lemma 55 (Completing Completeness) (ii)
  $[\Omega]\Gamma \vdash [\Omega]\Pi :: C \Leftarrow [\Omega]A\ p$    Subderivation
  $[\Omega_\Theta]\Theta \vdash [\Omega]\Pi :: [\Omega_\Theta]C' \Leftarrow [\Omega_\Theta]A\ p$    By above equalities
  $\Theta \vdash \Pi :: C' \Leftarrow [\Theta]A\ p \dashv \Delta$    By i.h. (v)
  ☞ $\Delta \longrightarrow \Omega'$    ″
  ☞ $\mathsf{dom}(\Delta) = \mathsf{dom}(\Omega')$    ″
  $\Omega_\Theta \longrightarrow \Omega'$    ″
  ☞ $\Omega \longrightarrow \Omega'$    By Lemma 33 (Extension Transitivity)
  $[\Omega]\Gamma \vdash [\Omega]\Pi\ \mathsf{covers}\ C$    Subderivation
  $[\Omega]\Gamma = [\Omega']\Delta$    By Lemma 57 (Multiple Confluence)
  $[\Omega']\Delta \vdash [\Omega]\Pi\ \mathsf{covers}\ C'$    By above equalities
  $\Delta \longrightarrow \Omega'$    Above
  $\Theta \vdash C'\ !\ \mathsf{type}$    Above
  $\Theta \longrightarrow \Delta$    By Lemma 51 (Typing Extension) and Lemma 33 (Extension Transitivity)
  $\Delta \vdash C'\ !\ \mathsf{type}$    By Lemma 41 (Extension Weakening for Principal Typing)
  $[\Delta]C' = C'$    By $\mathsf{FEV}(C') = \emptyset$ and a property of subst.
  $\Delta \vdash \Pi\ \mathsf{covers}\ C'$    By Theorem 10 (Completeness of Match Coverage)
  ☞ $\Gamma \vdash \mathsf{case}(e_0, \Pi) \Leftarrow [\Gamma]A\ p \dashv \Delta$    By Case

• Case Decl×I (with $A$ possibly an unsolved existential variable):
  $$\frac{[\Omega]\Gamma \vdash [\Omega]e_1 \Leftarrow A_1\ p \qquad [\Omega]\Gamma \vdash [\Omega]e_2 \Leftarrow A_2\ p}{[\Omega]\Gamma \vdash \langle [\Omega]e_1, [\Omega]e_2 \rangle \Leftarrow A_1 \times A_2\ p}\ \text{Decl×I}$$

  We have $[\Omega]A = A_1 \times A_2$. Either $A = \hat\alpha$ where $[\Omega]\hat\alpha = A_1 \times A_2$, or $A = A'_1 \times A'_2$ where $A_1 = [\Omega]A'_1$ and $A_2 = [\Omega]A'_2$.

  In the former case ($A = \hat\alpha$):
  We have $[\Omega]\hat\alpha = A_1 \times A_2$. Therefore $A_1 = [\Omega]A'_1$ and $A_2 = [\Omega]A'_2$. Moreover, $\Gamma = \Gamma_0[\hat\alpha : \kappa]$.

  $[\Omega]\Gamma \vdash [\Omega]e_1 \Leftarrow [\Omega]A'_1\ p$    Subderivation
  Let $\Gamma' = \Gamma_0[\hat\alpha_1 : \kappa, \hat\alpha_2 : \kappa, \hat\alpha : \kappa = \hat\alpha_1 \times \hat\alpha_2]$.
  $[\Omega]\Gamma = [\Omega]\Gamma'$    By def. of context substitution
  $[\Omega]\Gamma' \vdash [\Omega]e_1 \Leftarrow [\Omega]A'_1\ p$    By above equality
  $\Gamma' \vdash e_1 \Leftarrow [\Gamma']A'_1\ p' \dashv \Theta$    By i.h.
  $\Theta \longrightarrow \Omega_1$    ″
  $\Omega \longrightarrow \Omega_1$    ″
  $\mathsf{dom}(\Theta) = \mathsf{dom}(\Omega_1)$    ″
  $[\Omega]\Gamma \vdash [\Omega]e_2 \Leftarrow [\Omega]A'_2\ p$    Subderivation
  $[\Omega]\Gamma = [\Omega_1]\Theta$    By Lemma 57 (Multiple Confluence)
  $[\Omega]A'_2 = [\Omega_1]A'_2$    By Lemma 55 (Completing Completeness) (ii)
  $[\Omega_1]\Theta \vdash [\Omega]e_2 \Leftarrow [\Omega_1]A'_2\ p$    By above equalities
  $\Theta \vdash e_2 \Leftarrow [\Theta]A'_2\ p' \dashv \Delta$    By i.h.
  ☞ $\mathsf{dom}(\Delta) = \mathsf{dom}(\Omega')$    ″
  ☞ $\Delta \longrightarrow \Omega'$    ″
  $\Omega_1 \longrightarrow \Omega'$    ″
  ☞ $\Omega \longrightarrow \Omega'$    By Lemma 33 (Extension Transitivity)
  ☞ $\Gamma \vdash \langle e_1, e_2 \rangle \Leftarrow \hat\alpha\ p' \dashv \Delta$    By ×I$\hat\alpha$

  In the latter case ($A = A'_1 \times A'_2$):

  $[\Omega]\Gamma \vdash [\Omega]e_1 \Leftarrow A_1\ p$    Subderivation
  $[\Omega]\Gamma \vdash [\Omega]e_1 \Leftarrow [\Omega]A'_1\ p$    $A_1 = [\Omega]A'_1$
  $\Gamma \vdash e_1 \Leftarrow [\Gamma]A'_1\ p \dashv \Theta$    By i.h.
  $\Theta \longrightarrow \Omega_0$    ″
  $\mathsf{dom}(\Theta) = \mathsf{dom}(\Omega_0)$    ″
  $\Omega \longrightarrow \Omega_0$    ″
  $[\Omega]\Gamma \vdash [\Omega]e_2 \Leftarrow A_2\ p$    Subderivation
  $[\Omega]\Gamma \vdash [\Omega]e_2 \Leftarrow [\Omega]A'_2\ p$    $A_2 = [\Omega]A'_2$
  $\Gamma \vdash A'_1 \times A'_2\ p\ \mathsf{type}$    Given ($A = A'_1 \times A'_2$)
  $\Gamma \vdash A'_2\ \mathsf{type}$    By inversion
  $\Gamma \longrightarrow \Omega$    Given
  $\Gamma \longrightarrow \Omega_0$    By Lemma 33 (Extension Transitivity)
  $\Omega_0 \vdash A'_2\ \mathsf{type}$    By Lemma 38 (Extension Weakening (Types))
  $[\Omega]\Gamma \vdash [\Omega]e_2 \Leftarrow [\Omega_0]A'_2\ p$    By Lemma 55 (Completing Completeness)
  $[\Omega]\Gamma \vdash [\Omega]e_2 \Leftarrow [\Omega_0][\Theta]A'_2\ p$    By Lemma 29 (Substitution Monotonicity) (iii)
  $[\Omega_0]\Theta \vdash [\Omega]e_2 \Leftarrow [\Omega_0][\Theta]A'_2\ p$    By Lemma 57 (Multiple Confluence)
  $\Theta \vdash e_2 \Leftarrow [\Theta]A'_2\ p \dashv \Delta$    By i.h.
  ☞ $\Delta \longrightarrow \Omega'$    ″
  ☞ $\mathsf{dom}(\Delta) = \mathsf{dom}(\Omega')$    ″
  $\Omega_0 \longrightarrow \Omega'$    ″
  ☞ $\Omega \longrightarrow \Omega'$    By Lemma 33 (Extension Transitivity)
  $\Gamma \vdash \langle e_1, e_2 \rangle \Leftarrow ([\Gamma]A'_1) \times ([\Gamma]A'_2)\ p \dashv \Delta$    By ×I
  ☞ $\Gamma \vdash \langle e_1, e_2 \rangle \Leftarrow [\Gamma](A'_1 \times A'_2)\ p \dashv \Delta$    By def. of substitution

Now we turn to parts (v) and (vi), completeness of matching. 

• Case | Peel Match Empty[ Apply rule | Match Em pty[ 

• Case |DeclMatchSeqj Apply the i.h. twice, along with standard lemmas. 

• Case IDecI Match Basel Apply the i.h. (i) and rule lMatchBasel 

• Case IDecI MatchUmtl Apply the i.h. and rule lMatchUnitl 

• Case I Peel Match 31 By i.h. and rule lMatchdl 

• Case lDecIMatchxl By i.h. and rule [M atch x [ 

• Case |Decl Match+j^l By i.h. and rule fMatch+iJ 

• Case
      $[\Omega]\Gamma / [\Omega]P \vdash p \Rightarrow [\Omega]e :: [\Omega]A, [\Omega]\vec{A} \Leftarrow [\Omega]C\ p$
  ───────────────────────────────────────────────────────────────── DeclMatch∧
      $[\Omega]\Gamma \vdash p \Rightarrow [\Omega]e :: ([\Omega]A \land [\Omega]P), [\Omega]\vec{A} \Leftarrow [\Omega]C\ p$

  To apply the i.h. (vi), we will show (1) $\Gamma \vdash (A, \vec{A})\ !\ \mathsf{types}$, (2) $\Gamma \vdash P\ \mathsf{prop}$, (3) $\mathrm{FEV}(P) = \emptyset$, (4) $\Gamma \vdash C\ p\ \mathsf{type}$, (5) $[\Omega]\Gamma / [\Omega]P \vdash p \Rightarrow [\Omega]e :: [\Omega]A, [\Omega]\vec{A} \Leftarrow [\Omega]C\ p$, and (6) $p' \sqsubseteq p$.

       $\Gamma \vdash (A \land P, \vec{A})\ !\ \mathsf{types}$   Given
       $\Gamma \vdash (A \land P)\ !\ \mathsf{type}$   By inversion on PrincipalTypevecWF
       $\Gamma \vdash A\ !\ \mathsf{type}$   By Lemma 42 (Inversion of Principal Typing) (3)
  (2)  $\Gamma \vdash P\ \mathsf{prop}$   ''
  (3)  $\mathrm{FEV}(P) = \emptyset$   By inversion
  (1)  $\Gamma \vdash (A, \vec{A})\ !\ \mathsf{types}$   By inversion and PrincipalTypevecWF
  (4)  $\Gamma \vdash C\ p\ \mathsf{type}$   Given
  (5)  $[\Omega]\Gamma / [\Omega]P \vdash p \Rightarrow [\Omega]e :: [\Omega]A, [\Omega]\vec{A} \Leftarrow [\Omega]C\ p$   Subderivation
  (6)  $p' \sqsubseteq p$   Given

       $\Gamma / [\Gamma]P \vdash p \Rightarrow e :: [\Gamma](A, \vec{A}) \Leftarrow [\Gamma]C\ p' \dashv \Delta$   By i.h. (vi)
       $\Delta \longrightarrow \Omega'$   ''
       $\mathrm{dom}(\Delta) = \mathrm{dom}(\Omega')$   ''
       $\Omega \longrightarrow \Omega'$   ''
       $\Gamma / [\Gamma]P \vdash p \Rightarrow e :: [\Gamma]A, [\Gamma]\vec{A} \Leftarrow [\Gamma]C\ p' \dashv \Delta$   By def. of subst.
       $\Gamma \vdash p \Rightarrow e :: ([\Gamma]A \land [\Gamma]P), [\Gamma]\vec{A} \Leftarrow [\Gamma]C\ p' \dashv \Delta$   By Match∧
       $\Gamma \vdash p \Rightarrow e :: [\Gamma]((A \land P), \vec{A}) \Leftarrow [\Gamma]C\ p' \dashv \Delta$   By def. of subst.

• Case DeclMatchNeg: By i.h. and rule MatchNeg.

• Case DeclMatchWild: By i.h. and rule MatchWild.

• Case DeclMatchNil: Similar to the DeclMatch∧ case.

• Case DeclMatchCons: Similar to the DeclMatch∃ and DeclMatch∧ cases.


• Case
      $\mathrm{mgu}([\Omega]\sigma, [\Omega]\tau) = \bot$
  ─────────────────────────────────────────────────────────── DeclMatch⊥
      $[\Omega]\Gamma / [\Omega]\sigma = [\Omega]\tau \vdash [\Omega](p \Rightarrow e) :: [\Omega]\vec{A} \Leftarrow [\Omega]C\ p$

       $\Gamma \longrightarrow \Omega$   Given
       $\mathrm{FEV}(\sigma = \tau) = \emptyset$   Given
       $[\Omega]\sigma = [\Gamma]\sigma$   By Lemma 39 (Principal Agreement) (i)
       $[\Omega]\tau = [\Gamma]\tau$   Similar
       $\mathrm{mgu}([\Omega]\sigma, [\Omega]\tau) = \bot$   Given
       $\mathrm{mgu}([\Gamma]\sigma, [\Gamma]\tau) = \bot$   By above equalities
       $\Gamma / \sigma = \tau : \kappa \dashv \bot$   By Lemma 92 (Completeness of Elimeq) (2)
  ☞   $\Gamma / [\Gamma]\sigma = [\Gamma]\tau \vdash p \Rightarrow e :: [\Gamma]\vec{A} \Leftarrow [\Gamma]C\ p \dashv \Gamma$   By Match⊥
  ☞   $\Omega \longrightarrow \Omega$   By Lemma 32 (Extension Reflexivity)
       $\mathrm{dom}(\Gamma) = \mathrm{dom}(\Omega)$   Given


• Case
      $\mathrm{mgu}([\Omega]\sigma, [\Omega]\tau) = \theta$   $\theta([\Omega]\Gamma) \vdash \theta(p \Rightarrow [\Omega]e) :: \theta([\Omega]\vec{A}) \Leftarrow \theta([\Omega]C)\ p$
  ────────────────────────────────────────────────────────────────────────────── DeclMatchUnify
      $[\Omega]\Gamma / [\Omega]\sigma = [\Omega]\tau \vdash p \Rightarrow [\Omega]e :: [\Omega]\vec{A} \Leftarrow [\Omega]C\ p$

       $([\Omega]\sigma = [\Gamma]\sigma)$ and $([\Omega]\tau = [\Gamma]\tau)$   As in DeclMatch⊥ case
       $\mathrm{mgu}([\Omega]\sigma, [\Omega]\tau) = \theta$   Given
       $\mathrm{mgu}([\Gamma]\sigma, [\Gamma]\tau) = \theta$   By above equalities
       $\Gamma / \sigma = \tau : \kappa \dashv (\Gamma, \theta)$   By Lemma 92 (Completeness of Elimeq) (1)
       $\theta = (\alpha_1 = t_1, \ldots, \alpha_n = t_n)$   ''
       $[\Gamma, \theta]u = \theta([\Gamma]u)$ for all $\Gamma \vdash u : \kappa$   ''
       $\theta([\Omega]\Gamma) \vdash \theta(p \Rightarrow [\Omega]e) :: \theta([\Omega]\vec{A}) \Leftarrow \theta([\Omega]C)\ p$   Subderivation
       $\theta([\Omega]\Gamma) = [\Omega, \blacktriangleright_P, \theta](\Gamma, \blacktriangleright_P, \theta)$   By Lemma 93 (Substitution Upgrade) (iii)
       $\theta([\Omega]\vec{A}) = [\Omega, \blacktriangleright_P, \theta]\vec{A}$   By Lemma 93 (Substitution Upgrade) (i) (over $\vec{A}$)
       $\theta([\Omega]C) = [\Omega, \blacktriangleright_P, \theta]C$   By Lemma 93 (Substitution Upgrade) (i)
       $\theta(p \Rightarrow [\Omega]e) = [\Omega, \blacktriangleright_P, \theta](p \Rightarrow e)$   By Lemma 93 (Substitution Upgrade) (iv)
       $[\Omega, \blacktriangleright_P, \theta](\Gamma, \blacktriangleright_P, \theta) \vdash [\Omega, \blacktriangleright_P, \theta](p \Rightarrow e) :: [\Omega, \blacktriangleright_P, \theta]\vec{A} \Leftarrow [\Omega, \blacktriangleright_P, \theta]C\ p$   By above equalities
       $\Gamma, \blacktriangleright_P, \theta \vdash (p \Rightarrow e) :: [\Gamma, \blacktriangleright_P, \theta]\vec{A} \Leftarrow [\Gamma, \blacktriangleright_P, \theta]C\ p \dashv \Delta, \blacktriangleright_P, \Delta'$   By i.h.
       $\Delta, \blacktriangleright_P, \Delta' \longrightarrow \Omega', \blacktriangleright_P, \Omega''$   ''
       $\Omega, \blacktriangleright_P, \theta \longrightarrow \Omega', \blacktriangleright_P, \Omega''$   ''
       $\mathrm{dom}(\Delta, \blacktriangleright_P, \Delta') = \mathrm{dom}(\Omega', \blacktriangleright_P, \Omega'')$   ''
  ☞   $\Delta \longrightarrow \Omega'$   By Lemma 22 (Extension Inversion) (ii)
  ☞   $\mathrm{dom}(\Delta) = \mathrm{dom}(\Omega')$   ''
  ☞   $\Omega \longrightarrow \Omega'$   By Lemma 22 (Extension Inversion) (ii)
  ☞   $\Gamma / [\Gamma]\sigma = [\Gamma]\tau \vdash p \Rightarrow e :: [\Gamma]\vec{A} \Leftarrow [\Gamma]C\ p \dashv \Delta$   By MatchUnify   □
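Both match cases above turn on $\mathrm{mgu}$: when the index equation $\sigma = \tau$ that a branch imposes has no unifier, the branch is unreachable and is accepted vacuously (DeclMatch⊥ and Match⊥); when it has one, checking continues under the unifier $\theta$ (DeclMatchUnify and MatchUnify). The Python below is an added example, not code from the paper or its authors: a first-order unifier over index terms that returns None where the paper writes ⊥ and an idempotent substitution otherwise. It assumes an index sort of natural numbers built from the constructors zero and succ together with index variables; the term representation (Var, Con) and the names mgu, classify_branch and nat are this example's own. It shows that 0 = succ(n) has no unifier (so a nil branch of a length-indexed list may be omitted when the scrutinee's index is succ(n)), that n = succ(n) is rejected by the occurs check, and how the several equations one constructor pattern contributes are solved together.

```python
"""Added example (not from the paper): a first-order unifier for the index
terms of a GADT-style pattern match.  mgu(sigma, tau) returns None where the
paper's rules have mgu(sigma, tau) = bot (DeclMatch-bot: branch unreachable)
and a substitution theta otherwise (DeclMatchUnify: keep checking under theta).
The Nat index sort (zero, succ) and all names here are this example's own."""
from __future__ import annotations

from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple, Union

Term = Union["Var", "Con"]


@dataclass(frozen=True)
class Var:
    """Universal index variable, e.g. the n in Vec (succ n) A."""
    name: str


@dataclass(frozen=True)
class Con:
    """Constructor application, e.g. succ(n) or zero."""
    name: str
    args: Tuple[Term, ...] = ()


ZERO = Con("zero")


def succ(t: Term) -> Term:
    return Con("succ", (t,))


def nat(k: int) -> Term:
    """The numeral k written as succ^k(zero)."""
    t: Term = ZERO
    for _ in range(k):
        t = succ(t)
    return t


def resolve(t: Term, theta: Dict[Var, Term]) -> Term:
    """Follow variable bindings until a constructor or an unbound variable."""
    while isinstance(t, Var) and t in theta:
        t = theta[t]
    return t


def occurs(v: Var, t: Term, theta: Dict[Var, Term]) -> bool:
    """Occurs check: does v appear in t under the current bindings?"""
    t = resolve(t, theta)
    if t == v:
        return True
    return isinstance(t, Con) and any(occurs(v, a, theta) for a in t.args)


def apply(theta: Dict[Var, Term], t: Term) -> Term:
    """Apply theta to t, resolving bindings all the way down."""
    t = resolve(t, theta)
    if isinstance(t, Var):
        return t
    return Con(t.name, tuple(apply(theta, a) for a in t.args))


def _solve(work: List[Tuple[Term, Term]], theta: Dict[Var, Term]) -> Optional[Dict[Var, Term]]:
    """Robinson-style unification over a worklist of equations; None means bot."""
    while work:
        s, t = work.pop()
        s, t = resolve(s, theta), resolve(t, theta)
        if s == t:
            continue
        if isinstance(s, Var):
            if occurs(s, t, theta):
                return None          # cyclic, e.g. n = succ(n): no finite solution
            theta[s] = t
        elif isinstance(t, Var):
            if occurs(t, s, theta):
                return None
            theta[t] = s
        elif s.name != t.name or len(s.args) != len(t.args):
            return None              # constructor clash, e.g. zero = succ(n)
        else:
            work.extend(zip(s.args, t.args))
    return theta


def _idempotent(theta: Dict[Var, Term]) -> Dict[Var, Term]:
    """Close the bindings so each range term is fully substituted."""
    return {v: apply(theta, t) for v, t in theta.items()}


def mgu(sigma: Term, tau: Term) -> Optional[Dict[Var, Term]]:
    """Most general unifier of one index equation, or None for bot."""
    theta = _solve([(sigma, tau)], {})
    return None if theta is None else _idempotent(theta)


def classify_branch(equations: Iterable[Tuple[Term, Term]]):
    """Solve every index equation a branch imposes at once.
    ("unreachable", None) is the mgu = bot case; otherwise ("reachable", theta)."""
    theta = _solve(list(equations), {})
    if theta is None:
        return ("unreachable", None)
    return ("reachable", _idempotent(theta))


if __name__ == "__main__":
    n, m = Var("n"), Var("m")
    print("0 = succ(n):", mgu(ZERO, succ(n)))                 # None: branch unreachable
    print("succ(n) = succ(m):", mgu(succ(n), succ(m)))        # {n: m}
    print(classify_branch([(n, succ(m)), (m, ZERO)]))          # n := succ(zero), m := zero
```

The occurs check matters even for this tiny sort: without it, n = succ(n) would "unify" to an infinite term and a genuinely unreachable branch would be checked as reachable.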